Senior Information Systems Security Officer (ISSO)

Tyto Athene is searching for a Senior Information Systems Security Officer (ISSO) with privacy experience. The candidate will ensure that security requirements for information systems meet FISMA requirements. Assist our client’s Privacy Officer in overseeing ongoing activities related to the development, implementation, maintenance of, and adherence to federal and organizational policies and procedures concerning the confidentiality of Personally Identifiable Information (PII) and other sensitive information. The ISSO will be involved in the application of federally mandated privacy laws, regulations, policies, and procedures to the specific privacy requirements, be knowledgeable in federal privacy laws and regulations and their relationship to the Privacy Act of 1974, the E-Government Act of 2002, and the Freedom of Information Act (FOIA).Responsibilities:Develop and update security authorization packages in accordance with the client’s requirements and the agency’s adoption of NIST and RMF. Core documents that the candidate will be responsible for are the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, Security Impact Assessments, Risk Assessments, etc.Develop and maintain the Plan of Action and Milestones and support remediation activities to include the continuous monitoring processMaintain an inventory of hardware and software for the information system security boundaryDevelop, coordinate, test, and train on Contingency Plans and Incident Response PlansPerform risk analyses to determine cost-effective and essential safeguardsSupport Incident Response and Contingency activitiesDocument implementation statements using NIST 800-53 guidanceReview scan reports of the application, network, and databaseProvide continuous monitoring to enforce client security policy and procedures and create processes that will provide oversight into the following activities for the system owner.Coordinate with multiple stakeholders to complete mandatory agency data calls in a timely mannerConduct Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs), Remain current with new developments in OMB policies and NIST guidelinesPerform studies, technical assessments, surveys, and evaluations for detecting privacy weaknesses and deficiencies and recommend appropriate safeguardsPerform validation testing of weaknesses and deficiencies and update the documentation accordinglyAssist with the development of privacy policies and procedures for the clientRequired:Minimum Education: Bachelor’s Degree with a minimum of 8 years of relevant experience functioning as an ISSO Thorough understanding and knowledge of FISMA and SPA&A processExperience with NIST publications, OMB circulars, and memoranda, and CNSS publications and their requirements and impact on system securityProficiency in writing technical analysis reportsStrong written and oral communication skills/critical thinkingGood judgment and business acumenGood relationship managementStrong technical, analytical, troubleshooting, interpersonal, time management, and written/verbal communication skills and be able to work independently or within a team environmentAbility to work quickly, efficiently, and accurately in a dynamic and fluid environmentKnowledge of and proficiency in federal government privacy programs is requiredA demonstrated understanding of information privacy, including information access, the release of information, and implementation of control technologies as they apply to privacy information contained in electronic and non-electronic mediaDesired:Preferred certifications: CRISC, CAP, CISSP, Sec+, or equivalentUnderstanding and experience with ServiceNow, CSAM, GRC FedRAMP and non-FedRAMP cloud experienceExperience with vulnerability assessments tools such as Nessus, QualysExperience in administrating BSD/UNIX, Windows, Windows NT, LINUX, or open systems-compliant systemsPolicy writing background is highly preferredCIPP/G/US Certification is a PLUS.Clearance: US Citizen with Public Trust eligibility requiredLocation:This is a hybrid role with expectations of being on the client site a few days a week.Compensation:Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $120,000-$130,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.Benefits:Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Created: 2025-11-15