
Oak Ridge, Anderson County, East Tennessee, Tennessee, United States
The Information System Security Officer (ISSO) serves as a critical dual-role leader within OIM, acting as both a primary technical authority and a dedicated compliance steward. This position is designed to safeguard OIM's information systems by bridging the gap between technical architecture, day-to-day operations, and governance. The ISSO ensures that every technical solution is secure-by-design and fully compliant with Department of Energy (DOE) and federal requirements.
In this capacity, you will function as a subject matter expert for assigned systems, advocating for System Owners while coordinating cybersecurity activities to align with DOE policies. The role demands a hands-on approach to designing, integrating, and governing the enterprise cybersecurity architecture, ensuring the development of a robust and resilient security posture. You will work closely with Assessment & Authorization (A&A) teams, Vulnerability Management analysts, and engineers to deliver essential cyber authorization services.
Your work will span the full spectrum of the security lifecycle, from strategic planning to operational execution. You will collaborate with system owners and stakeholders to integrate security requirements throughout the system development lifecycle, conducting thorough risk assessments to identify and prioritize vulnerabilities. A significant portion of your time will be dedicated to managing Plans of Action and Milestones (POA&Ms), ensuring timely remediation of identified weaknesses based on the Level of Effort.
You will serve as the central point of contact for the Authorization to Operate (ATO) process, providing expert guidance to ensure all required artifacts are complete and accurate. This includes drafting and enforcing information security policies, maintaining comprehensive documentation such as System Security Plans and Contingency Plans, and participating in Change Control Board meetings to review privileged access and risk assessments. Additionally, you will represent OIM in interagency security working groups, provide regular security briefings to ISSMs and AODRs, and lead internal audits and inspections of OIM accreditation boundaries.
Candidates selected for this role will be expected to demonstrate deep expertise in federal security frameworks and GRC tools. The selection process focuses on verifying experience with NIST SP 800 series, FISMA, and Zero Trust Maturity Models, as well as the ability to balance technical architecture with compliance oversight. Successful applicants will be those who can effectively communicate complex security concepts to stakeholders and lead audits and risk assessments.
We are committed to building a diverse and inclusive workforce. OIM considers qualified applicants regardless of background, ensuring that our cybersecurity team reflects the varied perspectives needed to protect critical national infrastructure.
Work model: On-site
Advanced Degree in Computer Science or a related field. Ability to balance technical architecture with compliance oversight. Strong communication skills for briefings, reporting, and stakeholder engagement. Experience leading audits, inspections, and risk assessments. Expertise in disaster recovery, COOP planning, and incident response. Strategic mindset with adaptability to emerging technologies and evolving threats.