[Hiring] Information System Security Officer @Huntridge Labs, LLC

Role Description

The Information System Security Officer (ISSO) is responsible for ensuring the security, compliance, and authorization of information systems in accordance with VA and DoD standards. This role focuses on supporting Risk Management Framework (RMF) activities, particularly for medical devices and healthcare IT systems, ensuring compliance with VA Directive 6500, HIPAA, and NIST Special Publications (800-53 Rev. 5 and 800-37).

The ISSO works closely with system owners, engineers, and Authorizing Officials to maintain system security posture, support ATO processes, and ensure continuous monitoring across networked environments.

Key Responsibilities

• RMF & Authorization (ATO) Support
  • Support full lifecycle RMF activities in alignment with NIST 800-37
  • Develop and maintain RMF artifacts including:
    • System Security Plans (SSP)
    • Security Assessment Reports (SAR)
    • Plan of Action & Milestones (POA&M)
  • Coordinate and support Authority to Operate (ATO) and reauthorization efforts
  • Work with Authorizing Officials (AO), ISSMs, and system owners
• Medical Device Security (VA / DoD Focus)
  • Assess cybersecurity risks for network-connected medical devices
  • Ensure compliance with VA 6500 and relevant VA Handbook 6500.x controls
  • Evaluate vendor documentation and security controls for medical equipment
  • Support integration of medical devices into secure VA/DoD networks
  • Collaborate with biomedical engineering and clinical teams on risk mitigation
• Network Security & Architecture
  • Review and understand network architectures supporting enterprise and clinical systems
  • Identify vulnerabilities across networked environments (LAN/WAN/cloud)
  • Ensure proper system boundary definitions and data flow documentation
  • Validate security configurations and segmentation for sensitive systems
• Compliance & Controls Implementation
  • Implement and assess controls aligned with:
    • NIST SP 800-53 Rev. 5
    • VA Directive 6500
    • HIPAA Security Rule
  • Conduct control assessments and continuous monitoring activities
  • Track, manage, and remediate vulnerabilities
• Continuous Monitoring & Risk Management
  • Maintain ongoing system security posture through continuous monitoring
  • Analyze security scan results (e.g., ACAS, Nessus, STIG compliance)
  • Manage and update POA&Ms and risk registers
  • Support incident response and reporting activities as required
• Collaboration & Communication
  • Serve as a liaison between cybersecurity, engineering, and clinical stakeholders
  • Provide security guidance to system owners and project teams
  • Communicate risk posture clearly to leadership and compliance authorities

Qualifications

• Experience as an ISSO, ISSM, or cybersecurity professional in federal environments
• Strong knowledge of:
  • NIST SP 800-53 Rev. 5
  • NIST RMF (800-37)
  • VA Directive 6500 / 6500 series
  • HIPAA security requirements
• Experience with ATO package development and maintenance
• Understanding of network architecture and cybersecurity principles
• Experience supporting DoD or VA systems (highly preferred)
• Familiarity with medical device cybersecurity or healthcare IT systems

Preferred Qualifications

• ServiceNow CAM a HUGE PLUS
• Experience with VA or DoD medical systems / biomedical environments
• Knowledge of FISMA and federal compliance frameworks
• Familiarity with tools such as:
  • eMASS (DoD) or VA equivalent systems
  • Vulnerability scanning tools (ACAS, Nessus)
• Certifications such as:
  • Security+
  • CISSP
  • CAP
  • CISM

Key Strengths

• Strong analytical and risk management skills
• Ability to translate technical risk into business/mission impact
• Effective communicator with cross-functional teams
• Detail-oriented with documentation and compliance focus