Modus21, LLC.
Information System Security Officer (ISSO) with Security Clearance
Modus21, LLC., North Charleston, South Carolina, United States, 29405
Information System Security Officer (ISSO) with Security Clearance
Position Title: Information System Security Officer (ISSO)
Status: Permanent
Location: Charleston, SC or New Orleans, LA (on-site)
Company: Modus21, LLC – a Charleston, South Carolina based small business and technology consulting firm specializing in solving complex business problems for global business and government clients.
Scope of Work: The Naval Information Warfare Center Atlantic (NIWC LANT) Cloud Computing Innovation, Transformation, and Integration (CLOUD CITI) Division is tasked with providing hosting environments and platforms for Navy applications, as well as other DoD and Homeland Security (HLS) applications utilizing both Component Enterprise Data Centers (CEDCs) and Commercial Cloud Service Providers (CSPs) as hosting platforms. The Information System Security Officer (ISSO) serves as the senior cybersecurity authority within the ServiceNow as a Service (SNaaS) program under the Cloud CITI initiative. This position ensures that the SNaaS platform meets and maintains all security and compliance requirements under the Risk Management Framework (RMF) to support the program’s ATOaaS authorization.
Responsibilities
Security Lead Functions : Primary author and custodian of all RMF security documentation and program representative for governance activities including Change Control Boards (CCB), Request for Change (RFC) processes, and cyber-related incident and risk management reviews. Bridges gap between technical implementation, customer security requirements, and enterprise risk management.
Security Artifact Development & Management : Author, maintain, and version‑control all RMF security documentation (e.g., SSPs, SARs, POA&Ms). Conduct detailed technical risk assessments for all ServiceNow version upgrades and platform changes. Compile and validate comprehensive evidence packages to support NIST 800‑53 control compliance and eMASS submissions.
Governance & Stakeholder Engagement : Serve as principal technical security representative in governance forums (CCB, ISSM briefings, RMF reviews). Present, defend, and document all change requests and risk justifications. Liaise directly with enterprise RMF teams to ensure accurate and timely submission of all authorization materials.
Customer Security Request Management : Lead review and approval process for all customer‑initiated security requests (admin access, new data types, external connections, plug‑ins). Formulate and present the official security position for approval authorities.
Programmatic Security Integration : Advise project managers, developers, and administrators on secure configuration and design practices. Oversee incident response activities and coordinate customer‑facing security communications. Act as the “security conscience” of the SNaaS program to embed compliance across development and operations.
Requirements / Experience
Bachelor’s or Master’s degree in Cybersecurity, Engineering, or related area.
Required Certification(s): Security+, CASP, or CISSP.
Preferred Certification(s): CAP (Certified Authorization Professional), ITIL v4 Foundation, ServiceNow Certified System Administrator (CSA).
7+ years of hands‑on cybersecurity experience with emphasis on RMF system authorization and compliance.
Proven expertise in authoring and managing full RMF packages (SSP, SAR, POA&M).
Deep knowledge of NIST 800‑53 control families and validation process.
Experience with eMASS and governance presentation forums (e.g., CCB).
Strong analytical capability to assess technical risks and translate findings into business terms.
Experience working in a cloud environment.
Ability to operate independently in a fast‑paced, high‑stakes environment.
Familiarity with ServiceNow (particularly ITSM modules) preferred but not required.
Must be a US citizen.
Must hold or be able to obtain a Department of Defense (DoD) Secret Security Clearance.
Seniority Level Mid‑Senior level
Employment Type Full-time
Job Function Information Technology
Industries IT Services and IT Consulting
#J-18808-Ljbffr
Status: Permanent
Location: Charleston, SC or New Orleans, LA (on-site)
Company: Modus21, LLC – a Charleston, South Carolina based small business and technology consulting firm specializing in solving complex business problems for global business and government clients.
Scope of Work: The Naval Information Warfare Center Atlantic (NIWC LANT) Cloud Computing Innovation, Transformation, and Integration (CLOUD CITI) Division is tasked with providing hosting environments and platforms for Navy applications, as well as other DoD and Homeland Security (HLS) applications utilizing both Component Enterprise Data Centers (CEDCs) and Commercial Cloud Service Providers (CSPs) as hosting platforms. The Information System Security Officer (ISSO) serves as the senior cybersecurity authority within the ServiceNow as a Service (SNaaS) program under the Cloud CITI initiative. This position ensures that the SNaaS platform meets and maintains all security and compliance requirements under the Risk Management Framework (RMF) to support the program’s ATOaaS authorization.
Responsibilities
Security Lead Functions : Primary author and custodian of all RMF security documentation and program representative for governance activities including Change Control Boards (CCB), Request for Change (RFC) processes, and cyber-related incident and risk management reviews. Bridges gap between technical implementation, customer security requirements, and enterprise risk management.
Security Artifact Development & Management : Author, maintain, and version‑control all RMF security documentation (e.g., SSPs, SARs, POA&Ms). Conduct detailed technical risk assessments for all ServiceNow version upgrades and platform changes. Compile and validate comprehensive evidence packages to support NIST 800‑53 control compliance and eMASS submissions.
Governance & Stakeholder Engagement : Serve as principal technical security representative in governance forums (CCB, ISSM briefings, RMF reviews). Present, defend, and document all change requests and risk justifications. Liaise directly with enterprise RMF teams to ensure accurate and timely submission of all authorization materials.
Customer Security Request Management : Lead review and approval process for all customer‑initiated security requests (admin access, new data types, external connections, plug‑ins). Formulate and present the official security position for approval authorities.
Programmatic Security Integration : Advise project managers, developers, and administrators on secure configuration and design practices. Oversee incident response activities and coordinate customer‑facing security communications. Act as the “security conscience” of the SNaaS program to embed compliance across development and operations.
Requirements / Experience
Bachelor’s or Master’s degree in Cybersecurity, Engineering, or related area.
Required Certification(s): Security+, CASP, or CISSP.
Preferred Certification(s): CAP (Certified Authorization Professional), ITIL v4 Foundation, ServiceNow Certified System Administrator (CSA).
7+ years of hands‑on cybersecurity experience with emphasis on RMF system authorization and compliance.
Proven expertise in authoring and managing full RMF packages (SSP, SAR, POA&M).
Deep knowledge of NIST 800‑53 control families and validation process.
Experience with eMASS and governance presentation forums (e.g., CCB).
Strong analytical capability to assess technical risks and translate findings into business terms.
Experience working in a cloud environment.
Ability to operate independently in a fast‑paced, high‑stakes environment.
Familiarity with ServiceNow (particularly ITSM modules) preferred but not required.
Must be a US citizen.
Must hold or be able to obtain a Department of Defense (DoD) Secret Security Clearance.
Seniority Level Mid‑Senior level
Employment Type Full-time
Job Function Information Technology
Industries IT Services and IT Consulting
#J-18808-Ljbffr