
Federal Support Information System Security Officer (FSISSO)
Full-time
United States – Must Work East Coast Hours
Primary Purpose and Goal of Role
The Federal Support Information System Security Officer (FSISSO) is responsible for implementing and managing a robust information security program to protect the confidentiality, integrity, and availability of information systems managed by the federal agency. This role blends strategic advisory with technical execution to ensure compliance with relevant federal frameworks and regulations, including NIST, FISMA, FedRAMP, and agency-specific cybersecurity mandates. The FSISSO will lead efforts in risk management, third-party vendor assessments, incident response, security architecture, and policy governance to safeguard federal IT systems and data.
Responsibilities
- Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with federal regulations (e.g., NIST 800-53, FISMA, FedRAMP).
- Conduct ongoing risk assessments, vulnerability assessments, and compliance audits to ensure proper security posture across information systems.
- Lead and document security assessment and authorization (A&A) packages, working across technical and executive teams to support continuous monitoring and POA&M tracking.
- Manage incident response planning and execution, including forensic analysis, remediation, and root cause investigations.
- Oversee the execution of vulnerability scanning, penetration testing, and third-party vendor risk evaluations, using tools like Nessus.
- Support secure system development and cloud migration efforts (e.g., AWS, Azure), ensuring adherence to DevSecOps and secure SDLC practices.
- Develop and present metrics, compliance dashboards, and executive briefings to senior leadership on the current state of security programs and initiatives.
- Lead cross-team collaboration to align cybersecurity strategies, remediation plans, and policy enforcement with company-wide initiatives.
- Maintain and enhance the security of critical infrastructure systems (e.g., IoT, OT devices) where applicable.



Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 5+ years of experience in federal information security roles, including risk management, incident response, and compliance.
- Proven experience in applying NIST frameworks (800-53, CSF, 800-82), FedRAMP, FISMA, CJIS, HITRUST, and other regulatory baselines.
- Demonstrated expertise in conducting risk and vulnerability assessments, implementing security controls, and developing policy and procedure documentation.
- Experience managing A&A processes, third-party risk programs, and compliance across enterprise systems.
- Familiarity with secure cloud operations in AWS and Azure environments.
- Experience collaborating across departments including engineering, CISO, legal, and audit teams.
- Excellent analytical, communication, and collaboration skills; ability to tailor security messages to both technical and executive audiences.
- Certified Information Systems Security Professional (CISSP) – ISC2 - Preferred
- Microsoft Certified Systems Engineer (MCSE) - Preferred
Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.