Information Systems Security Officer (ISSO), Lead

Remote / Dark Wolf Locations

Dark Wolf Solutions

Dark Wolf Solutions operates at the nexus of mission and technology to meet our Nation's most challenging missions. We combine the most innovative emerging technologies with...


Dark Wolf Solutions is seeking a highly skilled and experienced professional to join our organization as the Lead Information Systems Security Officer (ISSO) in support of the Cybersecurity and Infrastructure Security Agency (CISA). As the Lead ISSO, you will be responsible for overseeing and managing the information security program, including the ATO process, ensuring compliance, and protecting the confidentiality, integrity, and availability of CISA's information systems and data. You will lead a team of ISSOs, collaborate with stakeholders, and implement strategies to enhance CISA's overall cybersecurity posture. This position is expected to be primarily remote, but candidates must reside within 50 miles of a Dark Wolf Office location.

Key responsibilities include, but are not limited to:

  • Leading the preparation of Authorization to Operate (ATO) package documentation, including security assessment reports, system security plans, risk assessment reports, and other necessary artifacts.
  • Coordinating with stakeholders to ensure ATO package documentation aligns with industry best practices, NIST guidelines, and agency-specific requirements.
  • Assisting in conducting internal reviews and assessments to ensure ATO package documentation accurately reflects the current security posture and controls in place.
  • Acting as a liaison with the Authorizing Official (AO) and other stakeholders during the ATO process, addressing any security concerns, coordinating assessments, and providing necessary documentation and supporting evidence.
  • Developing and implementing comprehensive policies, procedures, and guidelines to support CISA's information security program, aligned with applicable laws, regulations, and cybersecurity standards.
  • Providing leadership and guidance to a team of ISSOs, ensuring effective coordination of information security activities and fostering a culture of continuous improvement.
  • Leading the development and execution of risk management processes, including risk assessments, vulnerability management, and threat modeling, to identify and address potential cybersecurity risks and vulnerabilities.
  • Overseeing the implementation and maintenance of secure configurations for all information systems and networks, working closely with system administrators, network engineers, and other teams.
  • Conducting security assessments and audits of technology infrastructure, systems, and applications to ensure compliance with relevant regulations, standards, and guidelines.
  • Directing incident response efforts, overseeing the identification, containment, investigation, and resolution of security incidents, and ensuring compliance with incident response protocols.
  • Collaborating with stakeholders to develop and deliver cybersecurity awareness and training programs, ensuring employees understand their roles and responsibilities in maintaining a secure environment.
  • Managing relationships with internal and external auditors, ensuring timely completion of security audits and driving remediation efforts to meet compliance requirements.

Required Qualifications:

  • Bachelor's degree in information security, computer science, or a related field
  • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant certifications highly desired
  • Minimum of 7-10 years of progressive experience in information security, with a significant focus on managing and implementing information security programs
  • Experience supporting the preparation and maintenance of Authorization to Operate (ATO) package documentation, including security assessment reports, system security plans, and other necessary artifacts
  • Familiarity with NIST guidelines, industry best practices, and agency-specific requirements related to the ATO process
  • Experience performing security assessments, vulnerability assessments, and penetration testing within a complex enterprise environment
  • Familiarity with security control frameworks and standards, such as NIST SP 800-53, FIPS 199, and NIST SP 800-37
  • Knowledge of ATO processes, NIST guidelines, and industry best practices related to system security plans, security assessments, and ATO package preparation
  • Extensive knowledge of cybersecurity frameworks, regulations, and standards, such as NIST, FISMA, and CISA guidance, with direct experience in implementing these requirements
  • Strong expertise in conducting risk assessments, vulnerability management, incident response, and security audits within a large enterprise or governmental environment
  • Proven experience in managing and configuring security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM tools, and other security solutions
  • Excellent leadership and interpersonal skills, with the ability to effectively communicate and collaborate with stakeholders at all levels of the organization
  • Strong analytical and problem-solving capabilities, with the ability to assess complex cybersecurity challenges and develop appropriate mitigation strategies
  • In-depth knowledge of emerging cybersecurity trends, threats, and evolving technologies
  • Up-to-date understanding of the current regulatory and compliance landscape in the cybersecurity field
  • US citizenship and ability to obtain and maintain a DHS Suitability/Entry on Duty (EOD)

Desired Qualifications:

  • JIRA experience
  • MS SQL

The estimated salary for Lead candidates is expected to be $140,000.00 - $160,000.00, commensurate with experience.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.
 
