Information Systems Security Officer (ISSO)...

CGI Federal is seeking a Mid-Level Information Systems Security Officer (ISSO) to support a large federal initiative. The Mid-Level ISSO plays a critical role in implementing and assessing security controls, maintaining RMF documentation, supporting audits, and strengthening the security posture of enterprise systems across hybrid cloud and on-premises environments. The ISSO will work closely with senior cybersecurity staff, engineers, auditors, and federal stakeholders to support ATO development, continuous monitoring, vulnerability management, and security governance aligned with federal policies and standards.

Your future duties and responsibilities:

• Analyze, implement, and assess NIST 800-53 security controls for on-prem, cloud, and hybrid systems.

• Prepare and maintain RMF documentation packages including SSPs, CMPs, IRPs, ISCPs, and POA&Ms.

• Support internal and external audits, including evidence gathering and regulatory agency responses.

• Conduct information security maturity assessments and contribute to security roadmap development.

• Identify, categorize, and track risks; support remediation aligned with federal policy and NIST standards.

• Review and track vulnerability findings (ACAS, Nessus, STIG, SCAP) and collaborate with engineering teams on mitigation activities.

• Support continuous monitoring activities, change reviews, and compliance assessments.

• Help maintain security documentation repositories and contribute to governance improvements.

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Data Science, or related field.

• Minimum of 3+ years of cybersecurity or federal RMF experience.

• Active Top Secret (TS) clearance.

• Strong understanding of RMF, FISMA, and ATO processes.

• Ability to develop and maintain security documentation and communicate effectively across teams.

Preferred Certifications (Mid-Level Appropriate)

Preferred:

• Security+ CE

• CAP

• CISSP (Associate acceptable)

• CC (ISC2)

Nice to Have:

• CISSP (Full)

• CASP+ CE

• CCSP

• CISA

• GCIH

• GCED

• Other DoD 8570/8140 certifications

Technical Familiarity

• ACAS / Nessus vulnerability scanning and reporting

• STIG Viewer and SCAP compliance tools

• RMF workflow tools such as eMASS

• Cloud fundamentals (AWS, Azure, or GovCloud environments)

• Basic scripting familiarity (PowerShell, Bash, Python preferred but not required)

• Version control or DevOps tools for document management (e.g., Git, Azure DevOps)

• Understanding of vulnerability management, continuous monitoring, and security governance processes

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.