GRC Analyst / Information System Security Officer (ISSO) jobs in United States

Core One · 4 months ago

GRC Analyst / Information System Security Officer (ISSO)

Core One is a dynamic company focused on providing analytical, operational, and technical solutions to national security challenges. They are seeking a Governance, Risk, and Compliance Analyst / Information System Security Officer (ISSO) to implement cybersecurity controls and ensure compliance with federal regulations. This role involves managing risk management framework (RMF) processes and collaborating with various stakeholders to maintain security standards.

Industries: Consulting, Management Consulting, Training
No H1B sponsorship; Security Clearance Required

Responsibilities

Lead and execute activities across all RMF phases (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor)
Develop, review, and maintain accreditation artifacts including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and POA&Ms
Monitor compliance with NIST 800-53, 800-171, ICD 503, FedRAMP, FISMA, and agency-specific policies. Prepare for and support audits, inspections, and assessments
Conduct vulnerability scanning, compliance checks, risk assessments, and remediation tracking using tools such as Nessus or Tenable.sc
Create and maintain security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Provide briefings and status updates to leadership and Authorizing Officials
Collaborate with system owners, engineers, and developers to ensure security is integrated into design, development, and operations
Support investigation, response, and remediation of security incidents
Manage account recertifications, access reviews, and deliver security awareness training at the system level
Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear communication with internal and external stakeholders

Qualification

NIST RMF, Cybersecurity compliance, Vulnerability management, Security documentation, Risk assessments, Continuous monitoring, Federal regulations, Analytical skills, Communication, Project management, Team collaboration, Organizational skills

Required

Active TS/SCI with Polygraph
Bachelor's degree in Cybersecurity, Information Systems, or related field (or equivalent experience)
5+ years of experience in cybersecurity, governance, risk, compliance, or security engineering roles with at least 3 years working under Sponsor A&A guidelines
Direct experience with NIST RMF (NIST 800-53), ICD 503, FedRAMP, or CMMC assessment and authorization processes
Hands-on experience with developing/maintaining ATO packages, POA&Ms, and compliance artifacts
Working knowledge of vulnerability management, secure enclave architecture, boundary defense, and continuous monitoring
Strong written and verbal communication skills, with experience preparing compliance documentation for federal stakeholders
Ability to operate independently, manage multiple priorities, and engage effectively with diverse teams
Active TS/SCI with Polygraph
Bachelor's degree in Cybersecurity, Information Systems, or related field (or equivalent experience)
8+ years of experience in cybersecurity, governance, risk, compliance, or security engineering roles with at least 5 years working under Sponsor A&A guidelines
Extensive experience with NIST RMF (NIST 800-53), ICD 503, FedRAMP, and other federal assessment and authorization processes
Demonstrated ability to lead the development and review of SSPs, SARs, POA&Ms, Risk Assessments, and Continuous Monitoring Plans
Expertise with vulnerability management tools (e.g., Nessus, Tenable.sc) and compliance scanning
Strong program/project management skills, particularly in audit preparation and compliance readiness
Proven ability to collaborate with cross-functional technical teams and engage with federal authorizing officials
Exceptional written and verbal communication skills, with experience producing customer-facing compliance documentation

Preferred

Knowledge of secure cloud and SaaS environments, including logging/monitoring, encryption, and access controls
Familiarity with DevSecOps, CI/CD, and container security practices
Experience administering Windows Server or Linux environments
Professional certifications such as CAP, NIST Cybersecurity Framework 800-53 Practitioner, NIST Cybersecurity Framework 800-171 Specialist, CISSP, CISM, relevant GIAC certifications, or CISA
Strong organizational and analytical skills with the ability to manage multiple projects in a fast-paced environment

Company

Core One

Core One is the frontier of innovative ideas and creative solutions to solve our nation's most complex challenges.

Funding

Current Stage
Growth Stage

Leadership Team

Joseph Koo
President and Co-Founder
Henry Pagoada
Intermediate Computer Network Operations (CNO) Instructor
Company data provided by crunchbase