Sr. Information Systems Security Officer (ISSO)

Tyto Athene is seeking a Sr. Information Systems Security Officer (ISSO) to support a federal customer on an Information Security program to serve as an ISSO and Task Lead.

Responsibilities:

• Lead, mentor, and supervise a team of security professionals responsible for the end-to-end implementation of the RMF lifecycle for customer's IT systems.
• Oversee and coordinate activities within the Prepare step, ensuring roles, responsibilities, and risk management strategies are clearly defined and maintained.
• Guide system categorization efforts to ensure all information systems are appropriately classified based on mission/business impact and regulatory requirements.
• Direct the selection, tailoring, and documentation of security controls aligned with system categorizations, Bureau risk appetite, and compliance requirements.
• Oversee the implementation of technical, operational, and management controls throughout system and application lifecycles, with a particular focus on quality and completeness of all deliverables.
• Ensure comprehensive security control assessments are planned, executed, and documented to validate the effectiveness of implemented safeguards.
• Prepare risk management documentation for system authorization and executive decision making.
• Direct ongoing monitoring and continuous assessment activities, collecting metrics to adjust security strategies and ensure sustained compliance.
• Foster a culture of security awareness, providing technical guidance and training to both team members and stakeholders.
• Maintain up-to-date knowledge of RMF, NIST guidance, and industry best practices in support of continuous process improvement.

Required:

• 15 years of experience in IT security, with a focus on federal IT compliance.
• Minimum of 9 years of work experience in a computer science or Cybersecurity related field.
• 7 years’ experience serving as an Information Systems Security Officer (ISSO) or Information System Security Engineer at a cleared facility.
• One of more of the following certifications: CISSP; GISP; CASP (SecurityX); CISM; GSLC
• Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, Splunk, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications

• Experience supporting programs that operate hundreds of low-, moderate-, and high-impact on-premises and cloud (Azure/AWS) systems across unclassified and classified environments.

• Proven ability to communicate effectively with senior leadership and across diverse teams, acting as both a leader and collaborator.

Desired:

• Bachelor’s and/or advanced degree in computer science, business management, or IT related discipline is preferred.
• Experience in cybersecurity engineering, including encryption, multi-factor authentication, centralized logging, and other key risk management capabilities.
• Experience with DOJ, DHS, or similar federal agencies

Clearance:

• Active Top Secret clearance with SCI eligibility

Compensation:

• Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.