OneMain Financial Jobs

Job Information

ASM Research, An Accenture Federal Services Company Information System Security Officer (ISSO) in Oak Ridge, Tennessee

The Information System Security Officer (ISSO) plays a critical, dual role in safeguarding OIM's information systems. This position demands a hands-on approach to designing, integrating, and governing the enterprise cybersecurity architecture, while also performing essential ISSO duties for OIM systems and their boundaries. This ensures that every technical solution is secure-by-design and compliant with all DOE and federal requirements. The Architect/ISSO functions as a bridge between technical architecture, day-to-day operations, and governance, acting as both a primary technical authority and a dedicated compliance steward to build and sustain robust and resilient cybersecurity. The candidate will be involved with Assessment & Authorization and Vulnerability Management teams, including A&A Analysts, A&A Specialists, A&A SMEs, A&A Security Engineers, A&A Architects, Vulnerability Management Analysts, and Vulnerability Management Engineers to deliver the cyber authorization services. Experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53) and GRC tools (e.g. XACTA, ArchAngel, eMASS, CSAM).

  • Develop, implement, and maintain comprehensive information security programs in accordance with federal mandates and agency policies.

  • Oversee the continuous monitoring and improvement of security controls across diverse information systems.

  • Collaborate with system owners and stakeholders to integrate security requirements throughout the system development lifecycle.

  • Conduct thorough risk assessments to identify, analyze, and prioritize security vulnerabilities and threats.

  • Develop and implement risk mitigation strategies and countermeasures to protect sensitive information and critical assets.

  • Track and manage Plans of Action and Milestones (POA&Ms) to ensure timely remediation of identified weaknesses.

  • Ensure strict adherence to federal regulations, such as NIST SP 800-53, FISMA, and agency-specific security directives.

  • Perform ISSO responsibilities for OIM systems and boundaries, serving as the subject matter expert for assigned systems.

  • Advocate for System Owners, coordinating cybersecurity activities and ensuring alignment with DOE policies and federal requirements.

  • Provide regular security briefings to System Owners, ISSMs, and AODRs.

  • Participate in Change Control Board (CCB) meetings, reviewing privileged access requests, risk assessments, and cybersecurity requests.

  • Support and perform internal audits, inspections, and reviews of OIM accreditation boundaries.

  • Support the Authorization to Operate (ATO) process by providing expert guidance and ensuring all required artifacts are complete and accurate.

  • Draft, update, and enforce information security policies, standards, and procedures.

  • Maintain comprehensive security documentation, including system security plans, contingency plans, and configuration management plans.

  • Develop and deliver security awareness training to educate users on best practices and compliance requirements.

  • Evaluate, recommend, and implement security technologies and tools, such as intrusion detection/prevention systems (IDPS), security information and event management (SIEM), and data loss prevention (DLP).

  • Manage and monitor security configurations for operating systems, networks, and applications.

  • Conduct vulnerability scanning and penetration testing to identify and address security weaknesses.

  • Establish and maintain Interconnection Security Agreements (ISAs) and Memoranda of Understanding (MOUs/MOAs) with external partners.

  • Prepare and review security authorization documentation, including Security Plans (SPs), Privacy Impact Assessments (PIAs), and Contingency Plans (CPs).

  • Represent OIM in interagency security working groups and committees.

  • Provide analysis of vulnerability, patch, and configuration data to protect OIM mission systems.

  • Work with System Owners to develop and remediate POA&Ms, prioritizing based on Level of Effort (LOE).

  • Recommend corrective actions for risk assessment issues identified during audits or inspections.

Minimum Qualifications

  • Bachelor’s Degree in Computer Science or a related field or equivalent experience; Advanced Degree preferred.

  • 10+ years of experience in cybersecurity architecture, compliance, or ISSO duties.

Other Job Specific Skills

  • Deep expertise with SIEM, IDS/IPS, EDR, DLP, ICAM, CDM, and vulnerability management tools.

  • Strong knowledge of DOE cybersecurity policies, FISMA, NIST 800-53, and federal directives.

  • Proven experience drafting and maintaining FISMA artifacts and managing A&A processes.

  • NIST 800-53 Rev 5.

  • Risk Management Framework.

  • CRISC (or equivalent), CISSP, CISM, CISSP-ISSAP, or equivalent.

Desired Skills

  • Ability to balance technical architecture with compliance oversight.

  • Strong communication skills for briefings, reporting, and stakeholder engagement.

  • Experience leading audits, inspections, and risk assessments.

  • Expertise in disaster recovery, COOP planning, and incident response.

  • Strategic mindset with adaptability to emerging technologies and evolving threats.

  • Able to build advanced alerts in SIEM.

  • Able to translate events into an incident response ticket with full information for the SOC lead and provide briefings to leadership.

  • Advanced knowledge of security tools.

  • Assist Tier 2 and Tier 3 Analysts in incident response.

  • Has above basic Windows and Linux CLI skills.

  • Has built understanding of multiple security tools, e.g. EDR, IDP, IDS, Firewalls, etc.

  • Optional certifications:

  • GIAC Certified Intrusion Analyst (GCIA)

  • Certified Information System Security Professional or Associate (CISSP or Associate)

  • ISC2 Certified Information Security Manager (CISM)

  • Certified Information Systems Auditor (CISA)

  • NIST Cybersecurity Framework (CSF)

  • FedRAMP Authorization

  • Tenable Nessus (ACAS)

  • DISA STIGs

  • CIS Benchmarks

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors, including but not limited to location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties" or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

$82000 - $175k

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment.
