ACES Group LLC
NSWCPD Information System Security Officer
ACES Group LLC, Phila, Pennsylvania, United States
GENERAL DESCRIPTION
Active Secret Clearance | Bachelor's Degree | 10 Yrs Experience
ACES is seeking an experienced Information System Security Officer (ISSO) to provide comprehensive Risk Management Framework (RMF) support for designated information systems under the Naval Surface Warfare Center Philadelphia Division (NSWCPD) Code 104 Cybersecurity Program. The ISSO will be responsible for executing end-to-end RMF activities, including assessing system security controls, identifying and mitigating cybersecurity risks, and maintaining accurate and compliant system security documentation in accordance with Department of Defense (DoD), Department of the Navy (DON), and NAVSEA cybersecurity policies and directives. The ISSO will collaborate closely with the Information System Security Manager (ISSM) to ensure sustained compliance with applicable accreditation standards and continuous monitoring requirements.
Please call or email today if interested (Info@ACESGroup.com / 660-441-1689).
OPPORTUNITY
Contract Length: 5 Years
Work Location: Philadelphia, PA
Clearance: Active Secret
Start Date: Jan/Feb 2026
QUALIFICATIONS
Education/Experience: Bachelor's degree in IT or STEM. 6 years of cybersecurity and RMF experience. Certifications: IAT-II or IAM-II (Security+ CE, CISSP, CISM, or equivalent).
Technical: Prepare and submit required security authorization packages, participate in security inspections and audits, and implement corrective actions to address findings. The role requires staying current with evolving cybersecurity regulations and best practices to ensure continuous protection and accreditation of assigned systems.
PRIMARY RESPONSIBILITIES
Support Information System Security Managers (ISSMs) in executing all duties required under the Risk Management Framework (RMF).
Ensure full compliance with applicable NAVSEA, Department of the Navy (DON), and Department of Defense (DoD) cybersecurity policies, standards, and procedures.
Develop, maintain, and update cybersecurity documentation and ensure all system security policies, procedures, and artifacts remain current and accessible to authorized personnel.
Coordinate cybersecurity processes, risk assessments, and security control activities across assigned systems to ensure a consistent and compliant security posture.
Track Assessment and Authorization (A&A) and Assess Only (AO) package status; prepare and deliver progress reports to Program Managers, Information System Owners, and ISSMs.
Manage, maintain, and oversee Security Plans (SPs) and associated documentation throughout each system's lifecycle.
Maintain and update the Plan of Action and Milestones (POA&M), ensuring that identified vulnerabilities are properly tracked, mitigated, and remediated in accordance with RMF guidance.
Assist in identifying and tailoring applicable security control baselines and overlays for assigned systems in alignment with NIST SP 800-53 and Navy RMF requirements.
Coordinate security control validation and assessment activities with Navy Qualified Validators (NQVs) to ensure objective and independent evaluation of implemented controls.
Review and provide feedback on Risk Management Framework Standard Operating Procedures (RMF SOPs) and adjudicate Package Submitting Officer (PSO) findings to resolve discrepancies.
Register, maintain, and update system authorization packages in Enterprise Mission Assurance Support Service (eMASS) and ensure continuous accuracy of all entries.
Plan, schedule, and support security control testing and risk assessments, including annual security reviews, vulnerability scans, and configuration compliance checks.
Execute and document Continuous Monitoring (ConMon) activities in accordance with the System-Level Continuous Monitoring (SLCM) strategy, analyzing results and escalating significant findings.
Correlate and integrate findings from Developmental Test (DT), Operational Test (OT), Command Cyber Operational Readiness Inspections (CCORI), and other assessments with relevant RMF controls to ensure comprehensive risk evaluation.
Maintain accurate and current vulnerability information within the Vulnerability Remediation Asset Manager (VRAM) database, ensuring findings are resolved in a timely manner.
Participate in change control and configuration management processes to ensure security considerations are integrated into all system modifications.
Support the preparation of metrics, dashboards, and reports summarizing cybersecurity compliance, control effectiveness, and risk trends for leadership review.