Sr. Information Systems Security Officer (ISSO)

Tyto Athene, LLC

Washington, Washington, DC

JOB DETAILS
SALARY
$120,000–$130,000 Per Year
JOB TYPE
Full-time
SKILLS
Access Authorization, Analysis Skills, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Configuration Management, Contingency Plans, Continuous Integration, Corrective Action, Cross-Functional, Customer Relations, Customer Support/Service, Defense Intelligence, Detail Oriented, Documentation, FISMA - Federal Information Security Management Act, Federal Government, Federal Laws and Regulations, Government, High School Diploma, Hybrid Cloud, ISO (International Organization for Standardization), ITIL (IT Infrastructure Library), Incident Response, Information/Data Security (InfoSec), Internet Security, Leadership, Leading Edge Technology, Maintain Compliance, Management of Information Systems/Technology (MIS), Multitasking, Nessus, Organizational Skills, Policy Development, Presentation/Verbal Skills, Privacy Controls, Privacy Regulations, Process Development, Process Improvement, Project Management Professional (PMP), Public Safety, Publications, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management Framework (RMF), Safety/Work Safety, Security Analysis, Security Policy, ServiceNow, Software Development Lifecycle (SDLC), Standard Operating Procedures (SOP), Team Player, Technical Presentation, Technical Writing, Testing, Time Management, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Vulnerability Scanners, Writing Skills
LOCATION
Washington, Washington, DC
POSTED
12 days ago
Description:

Tyto Athene is seeking a Sr. Information Systems Security Officer (ISSO) to support a federal customer in Washington, DC. We are looking for a highly organized, proactive, and customer-focused cybersecurity professional who excels at building trusted relationships, communicating with both technical and executive stakeholders, and independently driving complex initiatives to successful completion.

The ideal candidate thrives in a fast-paced environment, embraces ownership and accountability, and consistently delivers high-quality work while balancing customer needs with federal security and privacy requirements. In this role, you will serve as a trusted advisor to government customers while leading information security, privacy, and Governance, Risk, and Compliance (GRC) activities to ensure federal systems remain secure, compliant, and mission-ready.

Responsibilities:

  • Lead and support information system security responsibilities throughout the Risk Management Framework (RMF) lifecycle, including Authorization to Operate (ATO), continuous monitoring, and integration of security, privacy, and legal requirements.
  • Develop, maintain, and present security authorization packages and supporting documentation in accordance with client requirements and NIST SP 800-53, including SSPPs, RARs, SAPs, SARs, POA&Ms, contingency and incident response plans, SOPs, configuration management plans, STIG deviations, and related artifacts.
  • Own security and privacy initiatives from planning through completion by proactively managing tasks, driving remediation efforts, validating corrective actions, and ensuring deliverables are completed accurately and on schedule.
  • Perform security and privacy risk assessments, analyze vulnerability scan results, recommend risk-based solutions, and support continuous monitoring activities across applications, infrastructure, and databases.
  • Serve as a trusted cybersecurity advisor to Contracting Officer Representatives (CORs), system owners, business stakeholders, and technical teams by communicating complex security and privacy requirements clearly, professionally, and with a customer-focused approach.
  • Develop, coordinate, test, and maintain contingency planning, incident response, privacy, and continuity activities, including PTAs, PIAs, HVA support, privacy training, and privacy-by-design integration throughout the System Development Life Cycle (SDLC).
  • Develop and maintain privacy policies, directives, SOPs, and operational guidance while ensuring compliance with applicable federal privacy laws, OMB guidance, NIST publications, CJIS Security Policy, and Legislative Branch requirements.
  • Build strong cross-functional relationships while managing multiple concurrent priorities in a fast-paced environment, identifying process improvements, and maintaining exceptional attention to detail across all security and compliance activities.
  • Coordinate with internal and external stakeholders to support audits, agency data calls, reporting requirements, asset inventories, and other compliance initiatives.

Qualifications:

Required:

  • Bachelor's degree and at least four (4) years of relevant experience supporting cybersecurity, information assurance, or Governance, Risk, and Compliance (GRC) activities within the NIST Risk Management Framework (RMF) lifecycle.
    • High school diploma with 8 years of experience in Functional Responsibility area may be substituted for a Bachelor’s Degree
    • PMP, ISO 27001, or CISM certifications equate to 3 years of experience in Functional Responsibility each
    • ITIL, CISSP, or other relevant IT management certifications equate to 2 years of general experience each
  • Knowledge of and proficiency in federal government privacy programs, including the Privacy Act of 1974, the E-Government Act of 2002, and related federal privacy laws and regulations.
  • Demonstrated understanding of information privacy principles, including information access, release of information, and implementation of privacy controls for electronic and non-electronic information.
  • Experience supporting Cybersecurity Awareness Training (CSAT) privacy initiatives, including training development, effectiveness evaluation, and privacy awareness programs.
  • Experience with HR privacy and behavioral privacy considerations related to workforce data and monitoring activities.
  • Thorough knowledge of FISMA, NIST RMF, Security and Privacy Assessment & Authorization (SPA&A), NIST publications, OMB circulars and memoranda, and CNSS guidance.
  • Strong written and verbal communication skills with experience developing technical documentation, presenting complex security and privacy concepts to technical and non-technical audiences, and building trusted relationships with Contracting Officer Representatives (CORs), government leadership, and cross-functional stakeholders.
  • Demonstrated ability to lead end-to-end security and compliance initiatives by proactively managing competing priorities, driving deliverables to completion, and exercising sound judgment in a fast-paced, customer-focused environment.
  • Highly organized, detail-oriented, and self-motivated with strong analytical and critical thinking skills, a commitment to producing audit-ready documentation, and the ability to identify process improvements while balancing customer service with regulatory compliance.

Desired:

  • CRISC, CAP, CISSP, or equivalent
  • Experience with FedRAMP and cloud service providers
  • Experience with CSAM and ServiceNow
  • Experience with vulnerability assessment tools such as Nessus and/or Qualys
  • Policy writing background is highly preferred

Clearance:

  • US Citizen with Public Trust eligibility required

Location:

  • On-site contract with hybrid allowance in Washington, DC, a minimum of two days a week (Tuesday and Thursday), but this can be increased based on customer needs.

Compensation:

  • Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $120,000-$130,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

  • Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.

About Tyto Athene:

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly supports Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.

At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.
