Senior Information System Security Officer (ISSO)

Potential for Remote Work: ORA_HYBRID

Description

SAIC is seeking a Senior Information System Security Officer (ISSO) to support a critical U.S. government agency in the National Capital Region. This role reports to the Security Program Management Office (SPMO) Manager and works directly with the Lead ISSO to support authorization, compliance, continuous monitoring, and risk management activities across assigned systems.

This is an excellent opportunity for an experienced cybersecurity professional to contribute to the secure authorization and ongoing compliance of systems across both on-premise and cloud environments. The Senior ISSO will collaborate with federal ISSOs, system owners, engineers, and governance teams to maintain the confidentiality, integrity, and availability of government systems while supporting day-to-day Governance, Risk, and Compliance (GRC) operations.

ONSITE 3 days a week / 2 days remote

Responsibilities:

• Support system security authorization and continuous monitoring activities for assigned systems.
• Develop, implement, review, and maintain IT security controls in accordance with NIST SP 800-53, RMF, and agency security policies.
• Support the preparation, review, and submission of Security Authorization packages, including SSPs, SARs, POA&Ms, SIAs, and related authorization artifacts.
• Coordinate and prepare systems for Security Control Assessments (SCAs), ensuring documentation, evidence, and artifacts are accurate and complete.
• Conduct and document Security Impact Analyses (SIAs) for changes to hardware, software, cloud infrastructure, or connectivity.
• Participate in configuration and change control processes to ensure secure baselines are maintained and accurately reflected in system documentation.
• Assist in system categorization activities and validation of asset inventories to ensure appropriate control baselines are applied.
• Assess security control implementation effectiveness and identify deficiencies requiring remediation or risk acceptance.
• Support Risk Acceptance activities, POA&M tracking, remediation coordination, and audit response efforts.
• Support continuous monitoring activities by reviewing system changes, compliance evidence, and authorization-related activities to maintain ongoing compliance.
• Coordinate with system owners, engineers, and security stakeholders to support remediation and compliance activities.
• Participate in governance activities including standards reviews, exception handling, control updates, and policy compliance activities.
• Contribute to development and maintenance of security policies, procedures, technical documentation, status reports, dashboards, and risk briefings.
• Support maintenance of reporting artifacts, compliance metrics, workflow tracking, and collaboration sites using SharePoint, PowerBI, and related tools.
• Support the Lead ISSO in execution of operational, compliance, and stakeholder coordination activities.
• Ensure assigned activities align with NIST RMF, NIST SP 800-53, FISMA, and agency cybersecurity requirements.

Qualifications

Requirements:

• Bachelor's degree and 5+ years of experience in cybersecurity, RMF, compliance, ISSO, or systems security engineering roles, or Master's degree with 3+ years of experience.
• Ability to obtain and maintain a public trust requiring U.S. Citizenship or .
• Hands-on experience supporting or implementing security controls in enterprise or federal IT environments.
• Experience supporting authorization activities including SSP development, POA&M management, SIAs, continuous monitoring, and assessment support.
• Working knowledge of NIST RMF, NIST SP 800-53, FISMA, and federal cybersecurity policies and processes.
• Familiarity with cloud and hybrid environments including AWS, Azure, or Google Cloud Platform.
• Familiarity with enterprise technologies such as Microsoft 365, Azure AD, Cisco, and Oracle environments.
• Working knowledge of network and system security concepts including encryption, secure baselining, identity management, and OS hardening.
• Experience supporting Security Control Assessments (SCAs), audits, or compliance reviews.
• Experience with GRC and SA&A tools such as Archer, eMASS, JCAM/CSAM, Xacta, or similar platforms.
• Familiarity with SharePoint and PowerBI for documentation management, reporting, workflow tracking, and metrics activities.
• Strong documentation, analytical, organizational, and communication skills, including the ability to communicate technical issues to non-technical stakeholders.
• Ability to work independently and manage assigned tasks with limited oversight.
• Proficient in Microsoft Office (Word, Excel, PowerPoint, SharePoint).

Preferred Qualifications:

• Security+, CAP, CISSP, CISM, or similar cybersecurity certification.
• Experience supporting federal systems, ATO processes, or government compliance programs.
• Familiarity with FedRAMP, federal privacy requirements, or cloud compliance activities.
• Knowledge of OWASP Top 10, application security concepts, or modern cybersecurity best practices.
• Understanding of adversary TTPs and frameworks such as MITRE ATT&CK.
• Experience operating in fast-paced, high-visibility environments with competing priorities.

Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see .