Lead ISSO Manager

Responsibilities

• Serve as the principal advisor to senior SSD leadership on all cybersecurity and compliance matters for an assigned portfolio of major applications, general support systems, and/or cloud environments (FISMA-based, FedRAMP, Guaranty Agency, and Partner systems, etc.).
• Lead, mentor, and supervise the contractor team of ISSOs and junior security analysts.
• Oversee the full Risk Management Framework (RMF) lifecycle (NIST SP 800-37) for all assigned systems, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• Develop, maintain, and enforce the organization's System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action & Milestones (POA&M), Contingency Plans, Incident Response Plans, and Configuration Management Plans.
• Coordinate and manage independent Security Controls Assessments (SCA) performed by third-party assessors (3PAO) and internal red/white teams; review and approve final assessment reports and evidence artifacts.
• Track, validate, and drive remediation of all POA&Ms to closure within FSA and DOED established timelines; escalate overdue high/critical findings to executive leadership.
• Ensure 100% compliance with federal mandates including FISMA, Executive Order 14028, OMB M-22-09 (Zero Trust), CISA Binding Operational Directives (BODs), and NIST SP 800-53 Rev 5 baseline, inherited, and common controls where applicable.
• Review and approve all change requests, configuration changes, and new technology introductions from a security and compliance perspective.
• Act as the primary point of contact for security incident response and investigation activities.