Senior Information System Security Officer (ISSO) / PM

Washington, D.C. · Information Technology
ASSYST is seeking a highly motivated and experienced Senior Information System Security Officer (ISSO) / PM in Washington D.C.

The position requires an active HHS Security Clearance.

This role is critical for ensuring the security, compliance, and successful authorization of federal information systems. The ideal candidate will possess a strong background in federal IT security, extensive experience with the NIST Risk Management Framework (RMF), and proven project management skills. 

The candidate will be responsible for managing the full lifecycle of Security Assessment & Authorization (SA&A) packages, developing comprehensive security documentation, and serving as a trusted security advisor to HHS Departments. 

Location: Washington D.C. and/or Rockville, Maryland (Hybrid)

This position is contingent upon contract award. 



Key Responsibilities:
  • Perform project management and compliance measurement of information security documentation during system authorization processes.
  • Implement and validate security controls based on system classification and federal standards (e.g., NIST, FISMA).
  • Develop, revise, and maintain security documentation including SSPs, CPs, BIAs, CMPs, IRPs, RAs, ERAs, and PIAs.
  • Conduct annual system security assessments and support continuous monitoring activities.
  • Identify security vulnerabilities and evaluate control effectiveness to maintain system security posture.
  • Facilitate mitigation of POA&Ms and support RMF activities across system lifecycle phases.
  • Provide customer support for ESS LoB engagements, including review of contract documents and system maintenance recommendations.
  • Deliver security documentation and technical artifacts aligned with FIPS 199 impact ratings and agency-specific requirements.
  • Serve as alternate ISSO or security advisor for systems with designated ISSOs.
  • Coordinate SA&A processes to ensure timely and complete ATO submissions and issue mitigation.
  • Participate in risk assessments, risk waiver processes, and configuration/change management activities.
  • Support vulnerability management through POA&M tracking, remediation facilitation, and tool usage.
  • Assist with incident response planning, identification, and reporting of security incidents.
  • Provide ISCM support including audit log reviews, backup verification, documentation updates, and annual control assessments.
  • Deliver project management support including status reporting, project planning, and meeting facilitation.
  • Contribute to FISMA reporting and respond to agency data calls and security exercises.
  • Advise senior stakeholders on system risk posture and strategic security decisions.
  • Recommend and evaluate new technology solutions for system or program-level security enhancements.
  • Review audit trails and system logs to ensure compliance with policy and audit requirements.
  • Provide security input on IT service procurement packages and technical documentation.

Required Qualifications:
  • Must have active HHS Clearance.
  • Demonstrate 8-10 years of IT security experience in the Federal IT security arena as an ISSO or in a related position.
  • Possess at least 5 to 8 years of project management experience, including developing and managing project plans and self-management of an assigned task. Possibly holds a Project Management Professional (PMP) certification or equivalent.
  • Possess applicable certifications and credentials such as Certified Information Systems Security Professional (CISSP) or equivalent by a recognized and reputable organization.
  • In-depth knowledge of laws, directives, orders, etc., pertaining to IT security and directing Federal government agencies.
  • Understanding of security requirements in various environments to include secured and non-secured.
  • Familiarity with general IT security products (hardware, software, and services), technologies, protocols, and best practices as related to SA&A. This would include Cloud Service Providers (CSPs), scanning tools, account administration tools and the like.
  • Prior experience writing documentation to satisfy NIST (National Institute of Standards and Technology) guidance, FISMA (Federal Information Security Management Act), FISCAM (Federal Information System Controls Audit Manual), White House Memorandums and other federal regulations.
  • Proficient written and oral communications skills.
  • Work with System Security personnel to include Engineers and System Administrators to properly document data flows, system architecture, and other necessary diagrams/charts.
  • Knowledge and experience with the NIST 800-53 Rev5 or the applicable version released, as well as ability to properly document security control implementation statements.


ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.
