Information System Security Officer (ISSO)

Dragonfli Group
Full-time
Work From Home
United States
IT

Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, delivering strategic solutions to government agencies and enterprise clients nationwide. We specialize in risk management, assessment & authorization (A&A), cloud security, and enterprise IT architecture. Our teams operate in diverse work environments—including on-site, hybrid, and fully remote—on contracts ranging from several months to multiple years.

We are seeking an Information System Security Officer (ISSO) to join our Assessment & Authorization (A&A) program supporting a federal agency focused on risk management and compliance. The ISSO will lead and manage security assessments across multiple applications, systems, and domains, including cloud environments. This role requires proven experience implementing security controls, conducting risk assessments, and documenting compliance in alignment with the NIST Risk Management Framework (RMF), ISO standards, and federal regulatory requirements. The ISSO will develop actionable security blueprints and governance frameworks, and ensure enterprise IT architecture meets both operational and security objectives.

Key Responsibilities:

  • Manage multiple large-scale A&A projects of high complexity and risk.
  • Implement and validate security controls, ensuring compliance with organizational and regulatory standards.
  • Conduct risk assessments, vulnerability scanning, and security architecture reviews.
  • Support documentation, validation, and accreditation processes for IT systems.
  • Utilize Governance, Risk, and Compliance (GRC) tools to manage A&A workflows.
  • Develop security principles, standards, and guidelines for enterprise architecture.
  • Provide subject matter expertise on assessment and authorization processes.

Travel: Minimal, as required for project needs.

Clearance Requirement: U.S. citizenship or lawful permanent residency required.

AI Usage Policy: Candidates must be able to independently demonstrate technical proficiency without the use of AI tools during interviews or performance assessments.

Required Skills & Qualifications:

  • 7+ years of experience in information security, including A&A and risk management.
  • Demonstrated proficiency with NIST RMF, ISO 27001/27002, and related federal security frameworks.
  • Hands-on experience with network and vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS).
  • In-depth understanding of security architecture principles and secure system design.
  • Strong knowledge of cloud security best practices across AWS, Azure, or other major providers.
  • Proficiency with GRC tools for managing A&A processes.
  • Excellent written and verbal communication skills, with the ability to create clear, actionable plans.
  • Strong organizational and project management skills for high-complexity initiatives.


Benefits:

  • Insurance – health, dental, and vision
  • Paid Time Off (PTO) and 11 Federal Holidays
  • 401(k) employer match
