Information System Security Officer - ISSO

JFR Staffing

Neptune, NJ
Full Time
Paid
Responsibilities

    Information System Security Officer (ISSO)

    Location: Wall Township, NJ | Reports to: CISO | Clearance: U.S. Person required; ability to obtain Public Trust preferred

    About the Role

    911inform is seeking an Information System Security Officer (ISSO) to serve as the day-to-day security steward of our FedRAMP Moderate authorized SaaS platform. The ISSO is the hands-on owner of the System Security Plan (SSP), continuous monitoring (ConMon), POA&M management, and audit evidence collection across our AWS GovCloud and Commercial environments. This role is ideal for a detail-oriented security practitioner who thrives in compliance-driven operations and enjoys turning controls into working processes.

    Key Responsibilities

    System Security Plan (SSP) Ownership — Maintain and update the FedRAMP Moderate SSP, including all narrative sections, appendices (cryptographic modules, ports/protocols, interconnections), and supporting attachments.

    Continuous Monitoring (ConMon) — Execute monthly ConMon deliverables: vulnerability scan reports (Tenable), POA&M updates, inventory reconciliation, and significant change requests.

    POA&M Management — Track, prioritize, and drive remediation of findings to closure; coordinate with engineering and IT to meet FedRAMP timelines (30/90/180 days by severity).

    Audit Evidence Collection — Package and submit evidence for FedRAMP, SOC 2 Type II, and ISO 27001 audits; maintain Vanta and SharePoint-based evidence libraries.

    Access Reviews — Conduct quarterly access reviews across AWS (Commercial + GovCloud), M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.

    Vulnerability & Endpoint Oversight — Monitor Tenable Nessus, CrowdStrike Falcon, and Action1 coverage; investigate agent reporting gaps and orphaned endpoints.

    Incident Response Support — Maintain the IR Plan, support tabletop exercises, complete Appendix B incident collection forms, and assist in real-world investigations (e.g., supply chain events).

    Policy & Procedure Maintenance — Keep Access Control, Privileged Access, Data Management, Incident Response, Secure SDLC, and Third-Party Management policies current and audit-ready.

    Third-Party / Vendor Risk — Onboard new vendors, review DPAs/SLAs/SOC 2 reports, maintain the vendor risk register, and route critical-risk acceptances to the CFO per policy.

    Control Implementation Support — Partner with engineering on NIST 800-53 Rev. 5 control implementation, particularly AC, AU, CM, CP, IR, RA, SC, and SI families.

    Required Qualifications

    3–5+ years in information security, compliance, or GRC roles.

    Working knowledge of NIST 800-53 Rev. 5, FedRAMP Moderate, SOC 2, and ISO 27001.

    Hands-on experience with AWS (GovCloud a plus), Microsoft 365 (GCC a plus), and at least one EDR/VM platform (CrowdStrike, Tenable, Defender).

    Experience writing and maintaining SSPs, POA&Ms, and audit evidence.

    Strong written communication — able to produce audit-ready narratives and executive summaries.

    Preferred Qualifications

    CISSP, CISA, CAP, CCSP, Security+, or equivalent.

    Prior experience supporting a FedRAMP authorization or 3PAO assessment.

    Familiarity with Vanta, Drata, or similar GRC automation tools.

    Background in public safety, 9-1-1, telecom, or critical infrastructure SaaS.

    Benefits:

    • Health insurance
    • Paid time off

    Work Location: In person