Information Assurance Systems Officer, Information Services jobs in United States

RAND · 1 day ago

Information Assurance Systems Officer, Information Services

RAND is a research organization that supports cybersecurity and risk management initiatives across enterprise unclassified systems. The Information Assurance Systems Officer (IASO) is responsible for protecting information assets, ensuring compliance with cybersecurity requirements, and collaborating with teams to implement security measures.

Industries: Education, Government, Health Care, Medical, Non Profit
Notes: No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

Develop and maintain System Security Plans (SSPs) and supporting documentation aligned with NIST 800-171 and CMMC practices
Conduct regular security control assessments, perform gap analyses, and update Plans of Action and Milestones (POA&Ms)
Coordinate security authorization and compliance activities across IT systems and applications
Perform ongoing security reviews of applications, infrastructure, and business processes to verify compliance and identify improvements
Recommend remediation strategies, track remediation efforts, and collaborate closely with IT, DevOps, and business teams
Conduct comprehensive cybersecurity audits to ensure compliance with CMMC, DFARS 7012, NIST 800-171, and other relevant regulations
Analyze and assess various data types, including Controlled Unclassified Information (CUI), Controlled Technical Information (CTI), Federal Contract Information (FCI), International Traffic in Arms Regulations (ITAR), and Export Administration Regulation (EAR99)
Collaborate with system and network administrators to ensure audit features are configured and enabled correctly
Conduct third-party/vendor security assessments as part of the procurement and onboarding process
Review supplier security documentation and manage risks associated with external data sharing and service providers
Participate in incident response activities, including documentation, coordination, and lessons learned reviews
Help improve incident detection, containment, and prevention through policy, training, and technical improvements
Utilize GRC tools to document and track risk assessments, policy compliance, and mitigation efforts
Identify and evaluate risks to information assets; assist in the development of risk treatment and remediation plans
Review policy exceptions to assess impact and risk, track approvals, and monitor mitigation within target remediation timeline
Collaborate with internal stakeholders to ensure alignment of technical and administrative controls with risk management strategies
Support the development and rollout of security awareness training to ensure users understand responsibilities and best practices
Ensure training completion and maintain accurate compliance records; other duties as assigned

Qualification

NIST SP 800-171; CMMC Level 2; Cybersecurity Risk Management; Information Assurance certifications; Federal government security processes; Technical background in IT; MS Office proficiency; Confluence and Jira knowledge; Audit processes familiarity; Communication skills

Required

Minimum 8 years of experience with a BS/BA degree in an IT information security or compliance role in a corporate or government contractor setting. (Minimum 12 years' experience without a BA/BS degree.)
Strong understanding of NIST SP 800-171, CMMC Level 2, and basic DFARS cybersecurity clauses
Extensive knowledge of multiple federal government network security processes and procedures
Technical background with understanding or hands-on experience in Information Technology environments and web technologies
Excellent oral and written communications skills required for correspondence, reports, briefings, and procedures
U.S. Citizenship (required for defense contractor compliance)
Must have the ability to obtain and maintain a security clearance
Cybersecurity Risk Management or Information Assurance related certifications
Proficient in MS Office Applications
Excellent written/verbal communication skills and judgement

Preferred

Professional certifications such as Security+, CISSP, CISA, or CRISC
Familiarity with audit processes, internal controls, and security risk assessments
Knowledge of Microsoft Office applications
Working knowledge of Confluence and Jira for task management

Benefits

Health insurance coverage
Life and disability insurance
Savings plan
Paid time-off

Company

RAND is a non-profit organization that provides objective research and public policy analysis services.

Funding

Current Stage
Late Stage
Total Funding
$1.51M
Key Investors
Foundation for Opioid Response Efforts; Alfred P. Sloan Foundation
2024-03-07 Grant · $0.39M
2013-01-01 Grant · $1.12M

Leadership Team

Robert Case
Vice President, General Counsel, & Corporate Secretary
Michael Leiter
Chair, Board Of Trustees
Company data provided by crunchbase