Information Systems Security Officer

LightFeather

Remote - Worldwide

Summary

Join LightFeather as an experienced Information Systems Security Officer in our Washington DC office. This hybrid role requires ensuring adherence to federal cybersecurity frameworks and regulatory requirements for a portfolio of applications and platforms. You will collaborate with cross-functional teams to achieve and maintain Authorization to Operate (ATO) status. The ideal candidate possesses a deep understanding of NIST SP 800-53 Rev. 5, FISMA, FedRAMP, RMF, and agency-specific compliance mandates. Responsibilities include managing security governance, risk compliance, and documentation. This is a full-time, remote position.

Requirements

  • US Citizenship
  • Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or a related field
  • CompTIA Security+ (required) and at least one additional certification such as CISSP, CISA, CISM, CGRC (formerly CAP), or a GIAC certification (GSEC, GSLC, GSTRT, etc.)
  • Minimum 5 years of experience in IT compliance, security governance, risk management, or related roles within federal environments
  • Proven experience achieving and maintaining ATO status for enterprise platforms, cloud environments, and custom applications
  • Hands-on expertise in compliance frameworks such as NIST SP 800-53, FedRAMP, FISMA, RMF, and federal IT security policies
  • Strong proficiency in security documentation and GRC platforms (XACTA, eMASS, Archangel, CSAM, ServiceNow GRC, or similar tools)
  • Experience conducting risk assessments, security control testing, and vulnerability management
  • Familiarity with cloud security compliance (AWS, Azure, Google Cloud) and security frameworks such as CMMC, FedRAMP, and TIC 3.0

Responsibilities

  • Develop, implement, and maintain security policies, standards, and procedures to ensure compliance with federal mandates, including NIST SP 800-53 Rev. 5, FISMA, FedRAMP, RMF, and agency-specific frameworks
  • Lead the preparation, submission, and management of ATO packages for cloud and on-premises systems using GRC (Governance, Risk, and Compliance) tools such as XACTA, eMASS, and Archangel
  • Conduct and support Security Control Assessments (SCAs), vulnerability assessments, and compliance audits
  • Perform continuous monitoring and ensure implementation of security controls per NIST SP 800-137
  • Conduct system security assessments, risk analyses, and vulnerability scans using tools such as Nessus, Tenable, Qualys, and OpenSCAP
  • Work with engineering teams to identify security weaknesses, develop Plans of Action and Milestones (POA&Ms), and track remediation efforts
  • Advise leadership on risk management strategies, security gaps, and mitigation measures in accordance with CISA, OMB, and agency-specific guidelines
  • Develop and maintain System Security Plans (SSPs), Risk Assessment Reports, Continuous Monitoring Plans, and other compliance-related artifacts
  • Ensure security documentation meets compliance requirements and is regularly updated in XACTA, eMASS, or Archangel
  • Provide regular reports and briefings to senior leadership, stakeholders, and external auditors on compliance activities
  • Maintain thorough audit trails and security documentation to support compliance investigations and assessments
  • Serve as the compliance subject matter expert (SME) for application development, platform engineering, and federal program management teams
  • Facilitate collaboration between internal teams and external auditors during security assessments, including IG, GAO, DHS CDM, and agency security teams
  • Stay updated on evolving compliance regulations, Executive Orders (EOs), and OMB mandates to ensure continuous alignment with federal cybersecurity policies

Preferred Qualifications

  • Experience managing multiple ATO packages concurrently across low-code/no-code platforms, custom enterprise applications, and hybrid cloud environments
  • Expertise in transitioning systems to Ongoing Authorization (OA) models and directing continuous monitoring programs for technical controls
  • Knowledge of federal compliance processes, including utilization of Archangel and XACTA for GRC functions

Benefits

This is a Full Time, Remote
