Senior ISSO
Washington, DC - Remote
Position Summary
The Senior ISSO leads all cybersecurity and compliance activities for the AI and Automation program, ensuring solutions comply with NIST, FISMA, and Government cybersecurity policies. This role serves as the primary liaison to the Government's cybersecurity team and is responsible for security documentation, continuous monitoring, vulnerability management, and POA&M governance.
Key Responsibilities
• Develop and maintain System Security Plans (SSP) and security documentation for AI/automation systems
• Implement NIST SP 800-53 security controls and create Security Controls Traceability Matrices
• Support Assessment and Authorization (A&A) processes to achieve an Authorization to Operate (ATO)
• Conduct or facilitate security testing including vulnerability scans, STIG compliance checks, and penetration testing
• Manage Plan of Action and Milestones (POA&M) processes and deliver monthly POA&M reports by the 3rd business day
• Implement Information System Continuous Monitoring (ISCM) for all in-scope systems
• Coordinate with the Government's Security Operations Center (SOC) and integrate system logs with SIEM tools
• Ensure compliance with NIST and Government-specific cybersecurity requirements
• Apply Zero Trust Architecture principles to AI/automation system designs
• Validate FIPS 199 security categorization and risk assessments
• Support incident response activities and security event investigations
• Ensure FedRAMP compliance for cloud-based AI services
• Review and recommend security controls for AI/ML-specific risks (model integrity, adversarial AI)
Required Qualifications
• Education: Bachelor's degree in Cybersecurity, Information Technology, or related field
• Experience: 10+ years supporting NIST RMF/FISMA programs in federal environments
• Certifications:
- CompTIA Security+ (required/strongly preferred)
- CISSP and/or CAP certification (preferred)
• Technical Knowledge:
- Expert knowledge of NIST Risk Management Framework (RMF) and SP 800-53 controls
- Experience authoring SSPs, building control traceability matrices, and supporting A&A/ATO
- Proficiency in POA&M governance, vulnerability management, and STIG compliance
- Experience with continuous monitoring and SIEM tools (Splunk, Microsoft Sentinel)
- Knowledge of Zero Trust Architecture principles
- Understanding of FISMA reporting requirements
Preferred Qualifications
• Experience securing AI, automation, and RPA solutions
• Familiarity with FedRAMP High authorization requirements
• Experience with Microsoft Security Copilot or AI-assisted security tools
• Knowledge of supply chain risk management for AI tools
