
Information System Security Officer (ISSO) – Assessment & Authorization (A&A)

The Dragonfli Group is a Washington, DC-based LLC that specializes in management and technology consulting.

Employee count: 11-50

United States only

Description

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

This contract Information System Security Officer (ISSO) role supports a large federal agency’s Assessment & Authorization (A&A) program, helping protect enterprise IT systems and applications—including cloud computing environments—by ensuring security controls, risk decisions, and compliance documentation meet required standards. The ISSO will lead and coordinate security assessments across multiple large, complex initiatives; implement and validate controls; conduct risk assessments; and drive accreditation activities using NIST RMF and ISO standards, along with Governance, Risk, and Compliance (GRC) tools and network/vulnerability scanning technologies. This role requires seasoned IT security expertise, hands-on technical skills, and strong communication and planning abilities to guide stakeholders and brief executives. It's a high-impact opportunity to shape security authorization outcomes within a major federal agency.

This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S.

Responsibilities:

  • Manage security assessments for a variety of applications and domains, including cloud computing environments
  • Lead multiple large, complex, high-risk security assessment initiatives concurrently
  • Implement security controls and verify control effectiveness in alignment with NIST RMF and ISO standards
  • Conduct risk assessments and document compliance measures to meet organizational and regulatory requirements
  • Evaluate, validate, and support documentation required for A&A and accreditation activities for new and existing IT systems
  • Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
  • Support development of actionable security blueprints, principles, models, designs, standards, and guidelines
  • Apply security architecture principles and best practices to help design and maintain secure IT infrastructures aligned to A&A policies
  • Use network and vulnerability scanning tools to interrogate systems for configuration and security status
  • Utilize GRC tools to manage and track A&A workflows, artifacts, and approvals
  • Serve as an A&A subject matter expert, providing guidance to stakeholders, business units, and new A&A resources
  • Build and maintain schedules and step-by-step action plans; brief cross-functional teams and executives on status and risk

Requirements

  • Experience managing security assessments across multiple applications/domains, including cloud computing
  • Demonstrated proficiency implementing security controls and conducting risk assessments
  • Demonstrated proficiency documenting compliance measures based on NIST RMF and ISO standards
  • Demonstrated experience evaluating and supporting A&A documentation, validation, and accreditation activities for IT systems
  • Demonstrated ability to ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
  • Experience supporting development of security blueprints, standards, guidelines, and architecture-aligned security designs
  • Experience with network and vulnerability scanning tools/technologies to assess system configuration and status
  • In-depth understanding of security architecture principles and best practices for secure IT infrastructure
  • Demonstrated proficiency using GRC tools to manage A&A processes
  • Strong organizational skills, including building schedules and step-by-step action plans
  • Effective communication and collaboration skills, including ability to brief executives
  • U.S. Citizenship or Permanent Residency required; all work must be performed within the continental U.S.

Skill(s)

  • NIST Risk Management Framework (RMF) and security control implementation
  • ISO security/compliance standards and audit-ready documentation
  • Assessment & Authorization (A&A) lifecycle execution and accreditation support
  • Governance, Risk, and Compliance (GRC) tooling and workflow management
  • Vulnerability and configuration assessment using scanning tools
  • Security architecture analysis and secure design guidance
  • Program/project organization, scheduling, and action-plan development
  • Stakeholder management across business units and technical teams
  • Executive-level briefing and written communication
  • Ability to operate effectively across multiple concurrent, high-complexity initiatives

Benefits

  • Insurance – health, dental, and vision
  • Paid Time Off (PTO) and 11 Federal Holidays
  • 401(k) employer match

About the job

Job type

Full Time

Hiring timezones

United States +/- 0 hours

About Dragonfli Group

The Dragonfli Group is a Washington, DC-based LLC that specializes in management and technology consulting. With a dedicated team of experienced consultants, Dragonfli focuses on transforming its clients' businesses through high-impact strategic planning and technology solutions. Our team's deep expertise spans infrastructure, corporate strategy, and operations, allowing us to tailor our services to meet specific business needs.

At Dragonfli, we adopt a collaborative approach to provide strategic planning and information security solutions. We understand that every organization is unique, and thus, we take the time to evaluate each client's specific challenges and goals. Our offerings include cybersecurity solutions that empower organizations to manage risks, comply with regulations, and drive profitability. The industry’s dynamic landscape requires businesses to be proactive. As such, we prioritize integrating automated risk management and compliance monitoring into our strategies, ensuring that our clients can make informed, proactive decisions regarding their security posture.
