Information System Security Officer Senior

Crystal Management
Reston, VA
  • Expired: January 20, 2023. Applications are no longer accepted.


Since 2005, Crystal Management has provided information technology (IT) infrastructure, systems integration, cybersecurity, facility design and transition, and professional services to customers in the defense, civilian federal agencies, homeland security, intelligence, and commercial sectors. We understand the mission demands innovative approaches, technology, and people. With talented professionals deployed worldwide, Crystal Management delivers IT enterprise solutions, systems engineering, and management consulting services for the largest transformation and restationing programs in defense history. Crystal Management is a service-disabled veteran-owned small business.

Position Summary

Crystal Management is seeking a motivated, career- and customer-oriented Information System Security Officer (ISSO) to support multiple Federal Agencies through the Continuous Diagnostics & Mitigation (CDM) Program. The CDM Program is a high-profile, high-visibility, cybersecurity modernization and risk management program where you can contribute innovative solutions and consult with several Federal Agencies to enhance their Information Assurance (IA) programs and continuous monitoring capabilities.

As a member of the Service Transition organization, the ISSO will work closely with engineers, testers, and trainers, as well as Federal agency personnel, to perform change management and release planning activities in support of the deployment of cyber solutions. The ISSO will execute change management activities against the established solutions for internal and external change control functions on a large-scale cyber program.


  • Perform all key functions for the facilitation, execution, and reporting of all system security externally with Federal Agencies
  • Support the creation of contract deliverables and system security-related project artifacts
  • Provide consulting to Agencies on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide increased visibility to system owners on impacts to the security posture of systems
  • Ensure system security measures comply with applicable government policies
  • Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system
  • Ensure that system security requirements are addressed throughout the project and system lifecycle
  • Ensure effective controls and processes are in place and working effectively to maintain a strong system security posture.
  • Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities
  • Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (POC)/ISSO any related remediation activities
  • Understand and monitor operations processes, including but not limited to, the Incident Response Process and Communications Process, to ensure that they are followed properly at Agencies for applicable CDM solutions and tools
  • Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate
  • Provide prompt feedback to CDM Project Management, Engineering, and Operations personnel and provide ongoing education on security protocols and procedures

Education/Certification Requirements

  • Bachelor's degree in Information Technology or Information Security
  • DoD 8570 approved IAM Level 2 baseline certification (e.g., CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP)
  • ITIL certification preferred

Qualifications Required

  • Minimum of 7 years of demonstrated InfoSec experience specializing in NIST RMF
  • Experience with DHS Ongoing Authorization Program Framework and use cases preferred
  • Experience with DHS Continuous Diagnostics and Mitigation (CDM) a plus
  • Experience with AWS Cloud, Azure Cloud, or Cloud implementations and environments
  • Extensive knowledge and experience with information security standards, policies, and practices - NIST SP 800-53 rev4, SP 800-37 rev2, FIPS-199, DHS 4300A.
  • Demonstrated experience writing information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).
  • Experience using vulnerability assessment tools (Nessus, AppDetective, etc.) and analyzing and interpreting assessment results.
  • Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/written reports) to all levels of management
  • Ability to research and address information security issues as required as an authority on the subject.
  • FedRAMP experience is a plus
  • Strong understanding of infrastructure technologies and functionalities (e.g., firewalls, Windows/Linux servers, Active Directory (AD), Splunk, SolarWinds, CyberArk)
  • Effective oral and written communication skills with customer, technical, and senior management personnel
  • Must be a self-starter and be an effective problem-solver
  • Exceptional organizational and multi-tasking skills

Preferred Qualifications

  • Demonstrated DHS-specific InfoSec experience specializing in NIST RMF
  • Extensive experience with Jira, ServiceNow, and SharePoint
  • Experience with program evaluation and redesign
  • Experience with configuration, requirements, incident, and problem management

Clearance Requirements

  • Must be a US Citizen (non-dual citizenship) with the ability to obtain a Public Trust and DHS Suitability.

Physical Requirements

  • Office work, typically sedentary with some movement around the office

COVID-19 Safety Protocols: To protect the health and safety of its employees and to comply with customer requirements, employees in certain positions may be required to be fully vaccinated against COVID-19 or subject to facility entry safety protocols (e.g., testing, masking, physical distancing), subject to the status of the federal contractor mandate and customer site requirements.

Crystal Management, LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.



Crystal Management


Reston, VA
20191 USA