Information System Security Officer, (ISSO) - Level 4

Information System Security Officer (ISSO) – Level 4

Position SummaryThe Information System Security Officer (ISSO) – Level 4 serves as the Subject Matter Expert (SME) and highest-level advisor supporting DISA IE cybersecurity compliance under the CTAS Task Order. This position is responsible for addressing the most complex accreditation challenges, developing innovative remediation and waiver strategies, and guiding enterprise-level policy decisions. The ISSO – Level 4 frequently interfaces with senior Government leadership, represents the contractor team in high-level governance forums, and ensures that DISA systems are positioned for long-term compliance with evolving DoD cybersecurity policies and frameworks. This role sets the standard for ISSO practices across the task order by authoring policies, leading accreditation efforts, and mentoring senior ISSOs.

ResponsibilitiesThe ISSO – Level 4 performs high-level compliance, risk management, and advisory functions with enterprise impact. Key responsibilities include:

• Serving as the senior technical and compliance authority for RMF accreditation packages, including renewal strategies, waiver requests, and residual risk acceptance documentation.
• Leading the development of complex enterprise accreditation packages across multiple enclaves, ensuring completeness, accuracy, and submission within required timelines.
• Authoring policy white papers, SOPs, and TTPs to standardize ISSO practices across the DISA Directorate and improve audit readiness.
• Providing advanced Configuration Management (CM) analysis for system changes, assessing the security impact of major updates and advising ISSMs and AOs.
• Analyzing and addressing complex or high-risk vulnerabilities, providing authoritative recommendations for remediation or risk acceptance.
• Acting as senior technical lead during CCRI, SAV, CVPA, and AA inspections, briefing findings and enterprise-level corrective strategies to Government leadership.
• Mentoring Level 2 and Level 3 ISSOs, ensuring consistent application of RMF and policy interpretation across the contractor team.
• Representing DISA IE in governance and compliance forums, advocating for risk decisions that balance mission assurance and cybersecurity requirements.
• Researching and drafting recommendations for emerging DoD and NIST cybersecurity policies, ensuring DISA remains at the forefront of compliance and risk management practices.

Required Qualifications

• Master's degree in Cybersecurity, Information Systems, or related field (preferred).
• Must hold and maintain an appropriate DoD 8140.03 / 8570.01-M certification baseline for this labor category (e.g., Security+, CISSP, CISM, or equivalent as required).
• Minimum 10 years of progressive experience in cybersecurity engineering, risk management, and RMF/DIACAP support for DoD systems.
• Demonstrated expertise in DISA STIG/SRG compliance, CCRI readiness, and eMASS package development.
• Proven experience drafting white papers, policy recommendations, and presenting findings to senior Government leadership.

Desired Qualifications

• CISSP-ISSAP, CISSP-ISSEP, or equivalent advanced certifications.
• Direct experience supporting DISA IE systems and enterprise-level compliance initiatives.
• Expertise in developing waiver requests, risk acceptance documentation, and governance policies.

Clearance RequirementActive Top Secret / SCI clearance, with NATO Secret eligibility if required for supported mission systems.