Job Title : Senior Information System Security Officer (ISSO)
Location : Alexandria, Virginia & Chantilly, Virginia
Job Type : On-site
Clearance Required : Top Secret / SCI

Job Overview :

We are seeking an experienced Information System Security Officer (ISSO) to support a mission-critical program focused on ensuring secure operations across multiple classified environments. The ISSO will be responsible for overseeing authorizations, risk management, and compliance related to the processing, storage, and transmission of sensitive information across multiple systems within the Analysis Sustainment portfolio. The role involves managing information security policies, leading assessment activities, conducting compliance reviews, and coordinating across teams to ensure all systems meet or exceed established security standards. The ISSO will serve as a key point of contact for system security, providing both technical leadership and program management support to maintain accreditation and compliance across all environments.

Primary Responsibilities :

- Develop risk mitigation strategies that contribute to the effectiveness, efficiencies, and performance outcomes for strategic projects, program goals, and business processes.
- Respond to the needs for updates and maintenance of security documentation, especially System Security Plans, Plans of Action and Milestones (POA&Ms), Security Impact Assessments for proposed system changes, and Concepts of Operations that identify and explain how each system satisfies its assigned security control baselines.
- Maintain system security plans and related configuration records in customer Service+ (ServiceNow), the XACTA-360 platform, and Leidos-CIO security tools.
- Drive security changes through steering groups and control (review) boards to meet Risk Management milestones.
- Work independently as well as collaboratively to drive security process improvements, especially to address gaps in meeting customer or Leidos security requirements and meet due diligence responsibilities.
- Provide guidance and engage the program lab team to implement secure software and hardware processes and to apply government security standards and commercial best security practices.
- Resolve highly complex security problems by applying technical knowledge, conceptualizing, reasoning, and interpretation of requirements.
- Communicate with Leidos and customer leadership (internal or client) regarding matters of significant importance to the organization / project.
- Apply in-depth understanding of information security technical principles, theories, concepts, and their application across a range of programs.
- Develop and maintain security documentation per customer / IC / DoD-DISA / NIST / Industry standards and policies.
- Initiate and coordinate all Assessment and Authorization (A&A) and renewal activities, working with the customer Designated Authorization Officials (DAO or DAOR).
- Address any Information Assurance or Cybersecurity notices, orders, tasking, or directives as required, following the NGA operations vulnerability and patch management processes.
- Measure effectiveness of defense-in-depth architecture and Zero Trust policy implementations against known vulnerabilities.
- Perform security audits and assessments, including creating, tracking, and assisting in remediation of Plans of Action and Milestones (POA&Ms).
- Coordinate with System Administrators and others to remediate all vulnerabilities and report results.
- Track open vulnerabilities, and obtain and document approvals while managing POA&M status.
- Update Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan.
- Manage security profiles and implementation for systems and services scheduled for Assessment and Authorization (A&A).
- Collaborate with the Systems Engineers and Administrators, Senior ISSO, ISSMs, Lab Team, and Leidos Corporate Security as required to develop and maintain security plans and associated documentation.
- Maintain records and documentation on program IT systems, upgrades, patches, and connectivity configurations.
- Evaluate security solutions and implementation strategies for program IT systems and services, and maintain the operational security posture of development, integration, and deployed capabilities.
- Provide training and approve user access and IAA (identification, authorization, and authentication) mechanisms for information systems.

Basic Qualifications :

- US citizenship is required per contract.
- BS degree and 8 to 12 years of prior relevant experience to operate within the scope of responsibilities.
- Familiarity with customer mission operations and security.
- Demonstrated understanding and application of the ICD-503 and NIST risk management framework.
- Experience with the following systems / platforms / tools : XACTA, XACTA 360 (preferred), HBSS, ACAS, Nessus, SPLUNK

Preferred Qualifications :

- 3+ years of experience operating, analyzing, and resolving vulnerability scan results using tools such as Nessus, Tenable Security Center, or a comparable commercial or GOTS product.
- Active Certified Information Systems Security Professional (CISSP) certification or ISACA Certified Information Security Manager (CISM) certification.
- Intelligence Community experience preferred.
Information System Security Officer • Springfield, VA, US