Information System Security Officer
Company: Msccn
Location: Oak Ridge
Posted on: April 2, 2026
|
|
|
Job Description:
What You'll Do The Information System Security Officer (ISSO) is
responsible for the Assessment and Authorization (A&A) of
Federal information systems, as well as the development of
accreditation and other required cybersecurity documentation for
new and existing systems. This person maintains the day-to-day
cybersecurity posture of assigned information systems, and utilizes
various network tools for continuous monitoring of Information
Technology (IT) assets. The ISSO ensures that security controls are
implemented, documented, and monitored in accordance with
organizational policy and applicable cybersecurity standards. This
role works closely with System Owners, Information System Security
Managers (ISSMs), and cybersecurity teams to support system
authorization, continuous monitoring, and risk management
activities. Candidates are expected to have an understanding of the
NIST Risk Management Framework (RMF) and the various supporting
elements. Successful candidates for this role will be expected to
stay up to date on the latest cybersecurity risks and threats, as
well as work with technology subject matter experts (SME) to
develop risk assessments and the proper mitigations. Implements and
maintains security controls aligned with approved baselines and
organizational requirements. Supports system authorization
activities, including the development and maintenance of security
documentation such as System Security Plans (SSPs) and Plans of
Action and Milestones (POA&Ms). Monitors system security
posture and identifies risks, vulnerabilities, and compliance gaps.
Tracks and manages POA&Ms and coordinates remediation
activities with system stakeholders. Assesses the security impact
of system changes and supports configuration and change management
processes. Supports continuous monitoring activities, including
vulnerability management and security reporting. Serves as a
security liaison between system teams, cybersecurity operations,
and governance bodies. Prepares systems for security assessments,
audits, and Authorizing Official reviews. What You Can Expect
Meaningful work and unique opportunities to support missions vital
to national and global security Top-notch, dedicated colleagues
Generous pay and benefits with a stable organization Career
advancement and professional development programs Work-life balance
fostered through flexible work options and wellness initiatives
Certificates/Security Clearances/Other The minimum education and
experience for the lowest career level in the job posting range are
listed under Minimum Job Requirements. Successful candidates hired
into a higher career level than the minimum in the range must meet
the requirements listed in the job leveling charts for the career
level into which they are being hired. If a range of Career Levels
is posted, i.e., Senior Associate to Senior Specialist, internal
applicants already in one of the Career Levels would come across at
their current Career Level. Internal applicants currently in a
lower level Career Level would move to the lowest posted Career
Level. Requires a Q clearance; however all qualified candidates
will be considered regardless of their current clearance status.
The ability to obtain and maintain a Department of Energy Q
clearance is required. You will be working at the Y-12 National
Security Complex, managed by Consolidated Nuclear Security, LLC.
Minimum Job Requirements Bachelor's degree in
engineering/computer/mathematics/information technology discipline.
Eight or more years of relevant education, training, and/or
progressive experience may be considered to satisfy educational and
years-of-experience requirements for this posting. Preferred Job
Requirements Knowledge of computer networking concepts and
protocols, and network security methodologies Knowledge of risk
management processes (e.g., methods for assessing and mitigating
risk) Knowledge of cybersecurity and privacy principles Knowledge
of cybersecurity threats and vulnerabilities Knowledge of Security
Assessment and Authorization process Knowledge of Risk Management
Framework (RMF) best practices Ability to present administrative,
technical, and operational information clearly and effectively
through the oral and written word as well as diagrams and charts
Knowledge of NIST 800-53/53A security controls Ability to assess
and provide written assessments of A&A packages Experience with
RMF in the DOE Community Security, CEH Certification or CISSP
Certification FedRAMP and Cloud compliance experience Knowledge of
information technology (IT) security principles and methods (e.g.,
firewalls, demilitarized zones, encryption) Knowledge of
Application Security Risks Knowledge of laws, regulations,
policies, and ethics as they relate to cybersecurity and privacy
Knowledge of Supply Chain Risk Management Practices (NIST SP
800-161) Knowledge of Personally Identifiable Information (PII)
data security standards Knowledge of authentication, authorization,
and access control methods Knowledge of database systems Knowledge
of Industrial Control Systems (NIST 800-82) Knowledge of emerging
technologies that have potential for exploitation Knowledge of
system and application security threats and vulnerabilities (e.g.,
buffer overflow, mobile code, cross-site scripting.
Keywords: Msccn, Cleveland , Information System Security Officer, IT / Software / Systems , Oak Ridge, Tennessee
