Lead ISSO

Responsibilities

We are seeking an experienced and driven Lead Information Systems Security Officer (ISSO) to guide and oversee the design, implementation, and continuous improvement of our USSF customer's information security program in CO Springs, CO. The Lead ISSO will serve as a critical point of contact for all security-related matters and be responsible for ensuring compliance with organizational, customer, and regulatory security requirements.

In this leadership role, you will manage a team of cybersecurity professionals, lead security initiatives, oversee risk management, and act as a key advisor on security policies and processes. The ideal candidate will bring a proactive approach to cyber defense, a deep understanding of compliance frameworks, and the ability to lead teams in creating a secure IT environment.

Key Responsibilities

Leadership and Team Management

• Manage and oversee a team of ISSOs, analysts, and engineers, ensuring alignment with organizational security goals and regulatory compliance requirements.
• Provide mentorship, training, and guidance for developing team members' skills and expertise.
• Assign and prioritize security-related tasks and initiatives to the team, and monitor progress to ensure objectives are met on time and within budget.
• Drive the implementation of best practices for system security, and manage the continual improvement of organizational cybersecurity posture.

Security Compliance and Risk Management

• Serve as the primary subject matter expert (SME) on security policies, frameworks, and any applicable standards, such as NIST 800-53, RMF, FISMA, ISO 27001, HIPAA, or GDPR.
• Develop, implement, and maintain System Security Plans (SSPs) and other security documentation in accordance with relevant compliance frameworks.
• Lead periodic risk assessments and vulnerability assessments, identifying gaps, and ensuring remediation of findings.
• Manage the certification and accreditation (C&A) process, as well as other security control assessments required by governing bodies.
• Regularly conduct security audits and reviews to ensure systems meet security requirements and there are no lapses in controls.
• Monitor and assess security-related control systems, ensuring continuity, accountability, and compliance through all aspects of the System Development Life Cycle (SDLC).

System Security Administration and Incident Response

• Oversee system security measures, such as access control, intrusion detection and prevention systems (IDPS), firewalls, data encryption, and vulnerability scanning.
• Manage the handling of security incidents and breaches, identifying root causes, documenting resolutions, and implementing preventative measures.
• Monitor security logs and review system audit trails for anomalous behavior or potential indications of unauthorized access.
• Maintain and enhance Incident Response and Business Continuity/Disaster Recovery (BCDR) frameworks.

Collaboration and Training

• Collaborate with system owners, administrators, and third-party vendors to address security concerns and integrate security into system design and implementation.
• Provide security awareness training to employees, contractors, and third-party vendors to ensure compliance with security practices and organizational policies.
• Act as the primary liaison with external auditors and regulatory agencies regarding organizational security audits and compliance reviews.

Policy Development and Documentation

• Draft, implement, and enforce security policies, standards, and procedures to protect organizational assets and data.
• Create and maintain systems documentation and ensure that security controls and processes are documented in detail for audits and internal use.
• Stay current with emerging cybersecurity threats, technologies, and regulations to recommend proactive solutions and ensure compliance with industry standards.

Qualifications

Required:

• Bachelor's degree (8-10 years' exp). Master's degree (6-8 years' exp) or a PhD (3-5 years' exp) in Computer Science, Information Security, Cybersecurity, or a related discipline (or equivalent work experience).

• 7+ years of experience in cybersecurity or system security-related roles.

• 3+ years of experience in leadership, mentoring, or team management roles in a security-focused environment.

• Proven hands-on experience with security operations, policies, and frameworks.

• Must possess and maintain an ACTIVE TS/SCI CLEARANCE

• Technical Expertise

• Strong knowledge of cybersecurity frameworks and standards, such as NIST Risk Management Framework (RMF), FISMA, ISO 27001/27002, and GDPR.

• Thorough understanding of operating systems security (Windows, Linux, and Unix), network protocols, and security tools such as firewalls, VPNs, IDS/IPS, and endpoint protection.

• Experience using vulnerability scanning tools such as Nessus, Qualys, or Rapid7, and security information and event management (SIEM) tools like Splunk or LogRhythm.

• Scripting and automation experience with languages like Python, PowerShell, or Bash is preferred.

• Familiarity with cloud security best practices for platforms such as AWS, Microsoft Azure, or Google Cloud Platform.

• Risk Management and Compliance

• Demonstrated experience implementing and managing risk management processes, including vulnerability and threat assessments, risk remediation planning, and reporting to leadership teams.

• Proven success in preparing for and passing third-party IT audits or certifications (e.g., FISMA audits, SOC 2 audits, etc.).

• Solid understanding of authentication mechanisms (Active Directory, SSO, MFA), encryption standards (TLS, AES), and secure data management principles.

• Leadership Skills

• Proven leadership experience managing teams of cybersecurity professionals and fostering collaboration across departments.

• Ability to work cross-functionally to influence security decisions and communicate complex technical issues to non-technical stakeholders.

• Problem-Solving and Analytical Skills

• Strong ability to evaluate risks and vulnerabilities, mitigate threats, and respond to incidents with urgency and precision.

• Analytical skills to correlate security events and identify potential sources or anomalies.

Preferred Qualifications

• Certifications (Preferred but Not Required):

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified Information Security Manager (CISM)

• GIAC Security Essentials (GSEC)

• AWS Security Specialty

• CRISC (Certified in Risk and Information Systems Control)

• Knowledge and experience with zero-trust architecture principles.

• Experience with DevSecOps and integrating security into CI/CD pipelines.

• Familiarity with tools such as AWS Config, Azure Security Center, or Google Cloud Security Command Center.

Equal Pay Act

This is the projected compensation range for this position. There are differentiating factors that can impact a final salary/hourly rate, including, but not limited to, Contract Wage Determination, relevant work experience, skills and competencies that align to the specified role, geographic location (For Remote Opportunities), education and certifications as well as Federal Government Contract Labor categories. In addition, Arcfield invests in its employees beyond just compensation. Arcfield 's benefits offerings include, dependent upon position, Health Insurance, Life Insurance, Paid Time Off, Holiday Pay, Short Term and Long-Term Disability, Retirement and Savings, Learning and Development opportunities, wellness programs as well as other optional benefit elections. Min: $97,016.00 Max: $168,692.00

EEO Statement

We are an equal opportunity employer and federal government contractor. We do not discriminate against any employee or applicant for employment as protected by law.