Information System Security Officer (ISSO) - SME - DHS

The ISSO serves as the principal advisor to the DHS Geospatial Information Infrastructure (GII) System Owner. This position provides security guidance, oversight, and technical expertise based on Department of Homeland Security (DHS) directives, policies, and standards. The ISSO ensures that security controls are implemented, maintained, and compliant with all DHS security requirements and the GII Security Plan (SP).

The ISSO operates under the authority of the System Owner (SO), a government employee, and is responsible for ensuring the continuous monitoring, assessment, and documentation of system security across all environments supporting DHS geospatial systems.

Key Responsibilities

• Serve as the principal security advisor to the GII System Owner.

• Ensure implementation and maintenance of security controls in accordance with DHS policies and the GII Security Plan.

• Perform Information Security Continuous Monitoring (ISCM), including:

  • Automated security management and credentialed scans.

  • Review and adjudication of findings from continuous monitoring and mitigation activities.

• Support assessment, authorization, certification, and accreditation activities (ATO/ATC).

• Execute Plan of Actions and Milestones (POA&M) and remediation processes per DHS MD 4300A.

• Update the Contingency Plan annually, execute it, and report on outcomes.

• Review Change Control Board (CCB) submissions for security compliance.

• Create and update (but not finalize) key artifacts, such as:

  • Memorandum of Agreements (MOAs)

  • Interconnection Security Agreements (ISAs)

  • Privacy Threshold Assessments (PTAs)

  • Privacy Impact Assessments (PIAs)

• Respond to Information Security Vulnerability Management (ISVM) notifications.

• Monitor and report on system security posture, ensuring compliance with DHS Sensitive System Policy (MD 4300A).

• Support DHS cyber investigation and data call responses related to system security.

• Ensure compliance with Federal Information Security Modernization Act (FISMA) and DHS directives.

Required Experience

The SOW specifies that the ISSO must meet or exceed the GTSS 3.0 “Information System Security Officer” labor category standards. While the document does not include the exact GTSS labor category details, these positions typically require:

• Minimum of 7–10 years of IT security or cybersecurity experience.

• At least 3–5 years of experience specifically as an ISSO or in an equivalent federal security compliance role.

Required Certifications

The ISSO must be qualified and credentialed in alignment with DHS 4300A Sensitive Systems Policy, which implies one or more of the following certifications (based on DHS and DoD 8570.01-M standards):

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Authorization Professional (CAP)

• CompTIA Security+ CE

• GIAC Security Essentials (GSEC)

Required Tools & Technologies

The ISSO role requires familiarity and practical experience with:

• DHS ISCM tools (e.g., Swimlane, Tenable/Nessus, Splunk, or equivalent SIEM tools).

• Vulnerability Management Systems (for ISVM response).

• Change Management Systems (e.g., ServiceNow, Jira).

• Plan of Action & Milestone (POA&M) tracking and reporting tools.

• Compliance Frameworks: NIST SP 800-37, 800-53, 800-137, FISMA.

• Documentation & Reporting Tools: Microsoft Office Suite, Confluence, or DHS-provided templates.

• Cloud Environments: AWS (federal GovCloud), ESRI Geospatial Cloud integration, and DHS enterprise networks.