
[Contingent] Senior Information Security Analyst (ISSO)

DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.

Status: Proposal – Contingent upon Award
Location: Hybrid – Washington, DC Metro Area
Schedule: Full-time | Core hours 0730–1600 EST, Monday–Friday
Focus Areas: ISSO, RMF/ATO, FISMA Compliance, Security Documentation, Privacy, Continuous Monitoring

Overview

phia is seeking an experienced Senior Information Security Analyst (ISSO) to provide dedicated ISSO support for a federal client's information systems. This role is responsible for developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages and supporting the ongoing security and compliance posture of federal IT systems.

You will serve as the primary ISSO for assigned federal information systems, managing the full SA&A documentation lifecycle, coordinating with system owners to maintain continuous compliance, and ensuring security artifacts accurately reflect the current state of each system you support.

What You'll Do

Serve as the primary ISSO for assigned federal information systems, maintaining comprehensive knowledge of each system's security posture, authorization boundary, and control implementation status.
Develop, maintain, and assess Security Assessment & Authorization (SA&A) packages leading to Authority to Operate (ATO): SSPP, SAR, POA&M, IRP, CP, CMP, IPA, PIA, MOU, ISA, and authorization documentation.
Coordinate with system owners and operations and maintenance (O&M) staff to ensure ongoing compliance with applicable federal security requirements and standards.
Support continuous monitoring activities: track control assessment schedules, review and update authorization packages based on system and environment changes, and report security posture to the Authorizing Official.
Develop and maintain Incident Response Plans and Procedures; coordinate with the client security operations center when security incidents are identified.
Prepare and maintain Contingency Plans (CP) and Configuration Management Plans (CMP) per applicable NIST standards.
Coordinate privacy documentation with records management and privacy officials: IPA, PIA, and SORN for systems processing PII.
Develop and track Plans of Action and Milestones (POA&M) for all identified security and privacy control weaknesses; ensure POA&Ms are accurate and do not improperly defer legally required controls.
Support annual FISMA and FISCAM audit activities: gather evidence, respond to auditor requests, and coordinate corrective actions.
Provide regular security posture status reporting on assigned systems.

Who You Are

ISSO: You have served as an ISSO in practice: you own your systems' security posture, understand their boundaries, and keep their SA&A packages current.
Documentation Expert: You produce SSPP, SAR, POA&M, IRP, CP, and CMP documentation that is accurate, complete, and government-ready without extensive rework.
Privacy-Aware: You recognize when a system triggers PII documentation requirements and know how to coordinate IPA and PIA processes with privacy officials.
Continuous Monitoring Practitioner: You understand federal ISCM strategies and can implement system-level monitoring plans that supplement agency requirements.
Organized: You manage multiple systems simultaneously, tracking authorization status, POA&M items, and upcoming assessment milestones across your portfolio.
Federal-Fluent: You have worked within a federal environment and understand FISMA, the Privacy Act, OMB A-130, and the practical realities of the government authorization process.

Preferred Skills

Prior ISSO experience supporting federal agency IT systems
Experience using federal authorization management platforms (e.g., JCAM) for package management and status tracking
Experience coordinating SORN submissions and PIA reviews with agency privacy officials
Experience supporting both on-premises and FedRAMP cloud system authorization packages
Familiarity with NIST SP 800-88 Rev. 1 media sanitization procedures
Experience with configuration management and change control processes in a federal environment

REQUIRED EDUCATION + EXPERIENCE

Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Experience: 7+ years of cybersecurity expertise; 6+ years developing, maintaining, and assessing SA&A packages resulting in ATO for federal information systems
Certifications: Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CGRC (ISC2)
Clearance: Public Trust / Suitability clearance required

General Program Requirements

Citizenship: Must be a U.S. Citizen. No exception.
Work Hours: Full-time; Monday–Friday core hours 0730–1600 EST
Work Location: Hybrid – Washington, DC Metro Area; on-site presence required. Classified work must be performed at a government-designated facility on government-provided equipment.
Travel: Occasional travel may be required in support of this program.

Who We Are

phia LLC ("phia") is a Northern Virginia based, small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer's missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

Medical Insurance
Dental Insurance
Vision Insurance
Life Insurance
Short Term & Long Term Disability
401k Retirement Savings Plan with Company Match
Paid Holidays
Paid Time Off (PTO)
Tuition and Professional Development Assistance

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.