JOB TITLE: Information Systems Security Officer


The Information System Security Officer (ISSO) position is for the Defense Health Agency (DHA) on site at a Military Treatment Facility (MTF).  As the ISSO, the candidate will perform assigned tasks and support security activities in compliance with Risk Management Framework (RMF) policies and procedures enabling integrated healthcare delivery for those who serve in the defense of our country and their families. This position will be contingent upon contract award.




Support, duties, and tasks in this area include, but are not limited to:


  • Assist the leadership in meeting their duties and responsibilities.

  • Implement and enforce MTF Infrastructure RMF Packages, to include creating Package Implementation Plans and Package Security Plans for MTF Infrastructure and IT Shared Services.

  • Comply with all RMF requirements to successfully maintain Approval to Operate (ATO) status.

  • Initiate Plan of Action and Measures (POAMs), as needed.

  • Perform activities to support receiving and maintaining ATC/ATO for new or existing systems and applications and maintain inventory of ATC/ATO status of systems and applications.

  • Perform Continuous Vulnerability Monitoring for all regional MTFs.

  • Maintain inventory of MTF Infrastructures, IT Shared Services, and Medical Servers and Applications, and initiate regular and as-needed scans of the same. Report vulnerabilities to appropriate POCs and monitor their mitigation.

  • Provide support in development and implementation of Local Area Network (LAN)/Wide Area Network (WAN)/PC/Server-related security policies.

  • Provide cybersecurity reports to DHA leadership, as needed.

  • Comply with the MTF cybersecurity program implementation plan and ensure compliance with DHA management policies.

  • In coordination with leadership, ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with DHA directives and applicable RMF requirements.

  • Maintain current knowledge of authenticator management for unclassified systems.

  • In coordination with leadership, ensure compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems under scope.

  • Perform other related duties as assigned by management.




  • U.S. Citizenship

  • A Bachelor’s Degree in a related field identified.  A minimum of one (1) year working as an Information Systems Security Officer.

  • Current background Investigation Tier 5 (SSBI), IAT Level 2 ADP/IT II.

  • Experience with DoD Risk Management Framework (RMF).

  • Certificates, licenses and registrations required: Security+ certification.

  • Computer skills required: (MS Word, Outlook, Excel, Project, and PowerPoint)

  • Other skills required: ability to multi-task, compromise, and solve problems; excellent time management and ability to meet deadlines; superior verbal and written communication skills.

  • Occasional travel may be required.