Merrifield, VA, US
30 days ago
Information Systems Security Officer (ISSO)

Req ID: 342326 

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Information Systems Security Officer (ISSO) to join our team in Merrifield, Virginia (US-VA), United States (US).

Job Summary:

The Information Systems Security Officer (ISSO) is responsible for ensuring the secure operation of assigned information systems in compliance with organizational policies, client requirements, and federal cybersecurity standards such as NIST, FISMA, FedRAMP, and RMF. The ISSO supports authorization and assessment activities, maintains continuous monitoring programs, and responds to incidents to safeguard the confidentiality, integrity, and availability of systems and data.

 

Serving as the principal advisor to the Information System Owner (ISO) and the Chief Information Security Officer (CISO), the ISSO provides subject matter expertise on all security matters related to assigned systems. This includes supporting development of and maintaining security documentation, coordinating with technical staff and external partners, as well as ensuring that security controls remain effective throughout the system lifecycle. The ISSO plays a central role in authorization activities (RMF Steps 1–6) ensuring that information systems remain compliant, resilient, and aligned with federal and agency policy.

 

 

Duties and Responsibilities:

 

1. The ISSO ensures compliance with cybersecurity standards and manages system risk.

a. Ensure assigned systems comply with NIST, FISMA, FedRAMP, and agency frameworks, regulations, and guidance.

b. Conduct risk assessments and support the development of mitigation plans.

c. Assist in creation of and validation of System Security and Privacy Plans (SSPPs).

d. Validate security controls implementation in accordance with RMF requirements.

e. Support the Assessment and Authorization (A&A) process.

 

2. The ISSO supports developing, maintaining, managing security documentation and reporting.

a. Prepare and maintain SSPs, SARs, POA&Ms, ISCPs, IRPs, CMPs, and related artifacts.

b. Track and manage POA&Ms to address vulnerabilities and deficiencies.

c. Generate system security status reports and metrics for leadership and auditors.

d. Ensure documentation is accurate, current, and aligned with agency requirements.

 

3. The ISSO conducts security monitoring and supports incident response activities.

a. Conduct system log reviews, monitor system activity for abnormal behavior or potential compromise.

b. Review, analyze, and report on vulnerability and compliance scan results.

c. Ensure continuous monitoring of implemented security controls.

d. Participate in incident response activities, including investigation, reporting, and after-action documentation.

 

4. The ISSO coordinates with stakeholders and communicates system security requirements.

a. Collaborate with ISOs, ISSMs, system administrators, engineers, and other stakeholders.

b. Serve as a liaison with auditors, assessors, and external agencies during reviews.

c. Provide security training and awareness to system owners & users as needed.

d. Support contingency planning, testing, and disaster recovery activities.

 

5. The ISSO assists in developing, recommending, and validating security policies and procedures.

a. Contribute to the development and review of cybersecurity policies and procedures.

b. Ensure systems are operated, maintained, and disposed of in compliance with policy.

c. Support supply chain risk management requirements and validate use of third-party software.

 

6. The ISSO supports system security throughout the full system development lifecycle.

a. Provide advice on security requirements and architecture during design, development, and deployment for on-premises, hybrid, and cloud systems.

b. Ensure controls remain effective through operations, sustainment, and system disposal.

c. Reviews, recommends, and validates configuration and change management requests for assigned systems

i. Participates in Configuration Control Boards (CCBs).

ii. Review and assess the security impact of proposed system changes.

iii. Ensure security reviews are documented and follow established policy.

 

7. The ISSO fulfills general responsibilities to ensure compliance and support oversight.

a. Maintain positive working relationships with technical teams and stakeholders.

b. Ensure security authorization and assessment activities are executed in accordance with policy and procedures.

c. Support development of BIAs, PIAs, ISAs, and MOUs/A as required.

d. Maintain current information in the client's Assessment & Authorization (A&A) tool (e.g., JCAM).

e. Participate in security audits, assessments, and exercises.

f. Report incidents, risks, and issues to ISSMs, CISOs, and other stakeholders.

g. Complete required annual training and certifications.

h. Support other duties as assigned by ISSMs or the CISO.

 

 

Basic Qualifications:

Master’s degree in any of the following disciplines (Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science), from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC. One-and-one- half (1.5) years of additional experience can substitute for one (1) year of a typical degree program. Minimum 10 years of experience in Information Technology (IT) and/or Information Security (IS). DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding. Must be a US citizen who possesses a Secret Clearance and who lives a commutable distance to the client sites in the DC area.
 

 

Preferred Qualifications:

Security Control Assessor intermediate certifications:

o CCISO, CISSP, or CISSP-ISSEP

o CISA, or CISM

o CPTE or CySA+

o FITSP-A

o GCSA, GSLC, or GSNA

 

Information System Security Manager (ISSM)

o SASP, SSCP

o CCISO, CCSP, CISSP-ISSMP

o CGRC/CAP

o CISM

o CompTIA: Cloud+, Security+ CE, Security X,

o FITSP-M

o SANS: GCIA, GCIH,GCSA, GICSP, GSEC, or GSLC

 

About NTT DATA

NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at us.nttdata.com

Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com, @nttdatafed.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us.

NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.

Confirmar seu email: Enviar Email