Information system security officer

GENERAL DESCRIPTION

Active Secret Clearance | Bachelors Degree | 10 Yrs Experience

ACES is seeking an experienced Information System Security Officer (ISSO) to provide comprehensive Risk Management Framework (RMF) support for designated information systems under the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Code 104 Cybersecurity Program. The ISSO will be responsible for executing end-to-end RMF activities, including assessing system security controls, identifying and mitigating cybersecurity risks, and maintaining accurate and compliant system security documentation in accordance with Department of Defense (DoD), Department of the Navy (DON), and NAVSEA cybersecurity policies and directives. ISSO will collaborate closely with the Information System Security Manager (ISSM) to ensure sustained compliance with applicable accreditation standards and continuous monitoring requirements.

Please call or email today if interested ([email protected] / 660-441-1689).

OPPORTUNITY

• Contract Length: 5 Years
• Work Location: Philadelphia, PA
• Clearance: Active Secret
• Start Date: Jan/Feb 2026

QUALIFICATIONS

• Education/Experience : Bachelors degree in IT or STEM. 6 years of cybersecurity and RMF experience. Certifications: IAT-II or IAM-II (Security+ CE, CISSP, CISM, or equivalent)
• Technical : Prepare and submit required security authorization packages, participating in security inspections and audits, and implementing corrective actions to address findings. The role requires staying current with evolving cybersecurity regulations and best practices to ensure continuous protection and accreditation of assigned systems.

PRIMARY RESPONSIBILITIES

• Support Information System Security Managers (ISSMs) in executing all duties required under the Risk Management Framework (RMF).
• Ensure full compliance with applicable NAVSEA , Department of the Navy (DON) , and Department of Defense (DoD) cybersecurity policies, standards, and procedures.
• Develop, maintain, and update cybersecurity documentation and ensure all system security policies, procedures, and artifacts remain current and accessible to authorized personnel.
• Coordinate cybersecurity processes, risk assessments, and security control activities across assigned systems to ensure a consistent and compliant security posture.
• Track Assessment and Authorization (A&A) and Assess Only (AO) package status; prepare and deliver progress reports to Program Managers, Information System Owners, and ISSMs.
• Manage, maintain, and oversee Security Plans (SPs) and associated documentation throughout each systems lifecycle.
• Maintain and update the Plan of Action and Milestones (POA&M) , ensuring that identified vulnerabilities are properly tracked, mitigated, and remediated in accordance with RMF guidance.
• Assist in identifying and tailoring applicable security control baselines and overlays for assigned systems in alignment with NIST SP 800-53 and Navy RMF requirements.
• Coordinate security control validation and assessment activities with Navy Qualified Validators (NQVs) to ensure objective and independent evaluation of implemented controls.
• Review and provide feedback on Risk Management Framework Standard Operating Procedures (RMF SOPs) and adjudicate Package Submitting Officer (PSO) findings to resolve discrepancies.
• Register, maintain, and update system authorization packages in Enterprise Mission Assurance Support Service (eMASS) and ensure continuous accuracy of all entries.
• Plan, schedule, and support security control testing and risk assessments , including annual security reviews, vulnerability scans, and configuration compliance checks.
• Execute and document Continuous Monitoring (ConMon) activities in accordance with the System-Level Continuous Monitoring (SLCM) strategy, analyzing results and escalating significant findings.
• Correlate and integrate findings from Developmental Test (DT) , Operational Test (OT) , Command Cyber Operational Readiness Inspections (CCORI) , and other assessments with relevant RMF controls to ensure comprehensive risk evaluation.
• Maintain accurate and current vulnerability information within the Vulnerability Remediation Asset Manager (VRAM) database, ensuring findings are resolved in a timely manner.
• Participate in change control and configuration management processes to ensure security considerations are integrated into all system modifications.
• Support the preparation of metrics, dashboards, and reports summarizing cybersecurity compliance, control effectiveness, and risk trends for leadership review.