Information Security Officer
Role details
Job location
Tech stack
Job description
We are seeking a qualified Information System Security Officer (ISSO) to support cybersecurity, compliance, risk management, system authorization, and continuous monitoring activities for an enterprise IT environment. The selected candidate will work closely with cybersecurity leadership, IT teams, auditors, system owners, and business stakeholders to help strengthen the organization's security posture and maintain compliance with applicable security standards and regulatory requirements., * Support Risk Management Framework (RMF) processes and the system authorization lifecycle.
- Create and maintain system security baselines using NIST 800-53 security controls.
- Develop, review, and maintain security documentation, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), policies, procedures, and related compliance documentation.
- Perform security control assessments, validation activities, and compliance reviews.
- Support governance, risk, and compliance activities using GRC platforms such as ServiceNow GRC.
- Ensure alignment with applicable cybersecurity frameworks and standards, including NIST, ISO 27001, PCI, TSA, and other regulatory requirements.
- Conduct vulnerability assessments and track remediation activities through the risk registry.
- Work with system owners and technical teams to identify, document, assess, and mitigate security risks.
- Monitor systems for compliance with approved security baselines, policies, and procedures.
- Support audit readiness activities and assist with responses to audit findings.
- Coordinate with appropriate teams on incident response activities and ensure proper reporting and documentation.
- Provide security guidance, awareness, and recommendations to technical and non-technical stakeholders.
- Prepare regular status updates, risk reports, compliance summaries, and documentation for management review.
- Collaborate with cross-functional teams to improve cybersecurity controls, processes, and overall security posture.
Requirements
- Proven experience as an Information System Security Officer, cybersecurity compliance analyst, security assessor, or similar cybersecurity role.
- Strong knowledge of NIST Risk Management Framework, NIST Cybersecurity Framework, NIST 800-53, and related standards.
- Experience with security compliance frameworks, including NIST CSF 2.0, NIST 800-53, and NIST SP 800-161.
- Experience developing and maintaining SSPs, POA&Ms, security policies, procedures, risk registers, and audit documentation.
- Familiarity with vulnerability management tools, security assessments, remediation tracking, and risk reporting.
- Strong understanding of network security, application security, data security, and enterprise IT security principles.
- Ability to communicate effectively with technical teams, business stakeholders, auditors, and leadership.
- Strong analytical, documentation, organizational, and problem-solving skills.
- Ability to work onsite and support a 1-year engagement.
Preferred Qualifications
- Experience with ServiceNow GRC or similar GRC platforms.
- Knowledge of cloud security concepts and environments such as Azure, AWS, or Google Cloud Platform.
- Relevant cybersecurity certifications such as CISSP, CISM, CISA, Security+, or similar.
- Prior experience supporting enterprise, government, transportation, aviation, or highly regulated environments., The ideal candidate is detail-oriented, documentation-focused, and experienced in cybersecurity compliance, risk management, and security authorization processes. This person should be comfortable working across technical and non-technical teams, supporting audit readiness, tracking security risks, and helping maintain compliance with established cybersecurity frameworks.
Benefits & conditions
Compensation will be based on experience, qualifications, and availability.
Pay: From $72.00 per hour