Information Systems Security Officer (ISSO)

Information Systems Security Officer (ISSO) Department: CISO Office Employment Type: Full Time Location: North America Description Armis, the cyber exposure management and security company, protects the entire attack surface and manages an organization's cyber risk exposure in real time. As Armis rapidly scales its growth and commitment to government and regulated markets, we are seeking a highly experienced and technically proficient Information Systems Security Officer (ISSO) to lead the security authorization and continuous monitoring efforts for our cloud platforms. This leadership role is pivotal in ensuring Armis meets the stringent security standards required for the defense and intelligence community. You will join the Armis Governance, Compliance and Risk team and work closely with all engineering and product teams, serving as the primary liaison to the Office of the Chief Information Security Officer (OCISO) and external authorizing bodies. What you'll do: Lead and support the security authorization process for cloud solutions seeking and maintaining FedRAMP and DoD Impact Level (IL) Authorized Unclassified (IL-4, IL-5) and Classified (IL-6) cloud solutions. Serve as the primary ISSO for all designated systems under your purview, managing their security lifecycle from initial design through authorization and sustainment. Author and maintain all required security documentation, including System Security Plans (SSPs), ensuring controls are accurately documented and aligned with implementation. Manage all aspects of FedRAMP and DoD IL Continuous Monitoring (ConMon), including gathering, reviewing, and submitting monthly, quarterly, and annual security artifacts to the appropriate authorizing bodies. Support sustained customer communications and actively participate in Continuous Monitoring Review Meetings with government partners. Drive the process for all FedRAMP and DoD IL Significant Change Requests and minor change requests, ensuring security impact analyses and authorization updates are completed accurately and on schedule. Collaborate with engineering teams to ensure control implementations are technically sound, auditable, and maintain compliance across rapidly evolving cloud and containerized environments. Support the GRC team and provide guidance related to commercial compliance efforts. What we expect: Top Secret Security Clearance & US Citizenship 5+ years of direct experience supporting DoD and/or FedRAMP systems in an Information Security Officer, compliance, or security engineering capacity. Must currently reside in the greater Washington D.C. area or be willing to travel to the area on a regular basis to meet with government and authorization partners. Must be eligible for a Top Secret security clearance (current active clearance preferred) and must maintain DoD 8570 IAM Level III baseline certifications (e.g., CISSP, CISM, GSLC). Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree. Detailed understanding of NIST 800-53 Revision 5 security controls, security requirement traceability matrices (SRTM), and continuous monitoring practices. Detailed understanding of the DISA and FedRAMP significant change request process and authorization lifecycles. Proven experience with AWS services management, security baseline enforcement, and compliance within cloud environments. Working experience with security incident response, event logging, alerting and the related tooling. Experience running Kubernetes in highly regulated environments. Preferred Skills Experience managing security compliance efforts in DoD classified cloud environments. Demonstrated experience with AI implementations and automations specifically targeting federal compliance and evidence generation efforts. Administrator-level knowledge of AWS and Administrator-level knowledge of Linux operating systems. Experience taking a cloud information system through the entire FedRAMP and/or DoD IL authorization process and successfully obtaining an Authorization to Operate (ATO). Experience managing security packages and workflows within government GRC tools such as eMASS. Familiarity with FISMA and CMMC authorization processes. Ability to review Python and understand code as it relates to security controls and automation efforts, and demonstrated ability to write Python scripts to support compliance automation. Experience working with a global team where the majority of team members are remote. Experience working with task planning tools like JIRA and Asana. Experience managing content throughout its lifecycle in the Microsoft Office 365 ecosystem. Project management experience where the key stakeholders are at the executive level. #J-18808-Ljbffr