INFORMATION SYSTEMS SECURITY OFFICER (ISSO)

Location: Washington, DC (On-Site, 5 days a week)
Clearance Requirement: Active TOP SECRET clearance with SCI eligibility
Salary Range: $130,000 to $135,000

WHO WE ARE

At RCG, Inc., we’re more than just a federal contracting company — we’re a team of innovators, problem-solvers, and collaborators. Proudly Certified™ as a Great Place to Work® for 4 years in a row, we are committed to building a culture where people can grow, contribute, and thrive while supporting meaningful government missions.

THE OPPORTUNITY

We are seeking a highly skilled Information Systems Security Officer (ISSO) to provide cybersecurity operations support at our federal client site in Washington, DC. This role requires an experienced professional who can ensure compliance with federal cybersecurity requirements, proactively manage risk, and support the ongoing protection of our government client’s systems.

• Review, update, and maintain cybersecurity policies, procedures, directives, and templates.
• Develop, edit, and format cybersecurity documentation including policies, standards, procedures, user manuals, and reports.
• Conduct risk assessments, gap analyses, and inventory reviews; recommend improvements.
• Support the Assessment & Authorization (A&A) process, ensuring alignment with NIST 800-53 rev. 5, FISMA, and FIPS 199 requirements.
• Perform POA&M updates and remediation, assist with closure requests, and support ongoing authorization (OA).
• Provide vulnerability scans, security testing, and evaluation of National Security Systems.
• Collaborate with stakeholders to update, review, and archive cybersecurity documentation.
• Provide technical expertise and guidance across contingency planning, incident response, and change management processes.
• Work with system engineers and administrators to develop corrective action plans from internal and external audits.
• Perform routine self-assessment audits to ensure compliance with agency and federal security requirements.
• Provide tracking, coordination, and reporting for required cybersecurity training activities.
• Review and develop system security plans and other required security documentation.
• Perform vulnerability assessment scans, interpret results, and track mitigation progress with system engineers and administrators.
• Conduct certification and accreditation activities to ensure systems remain accredited and risks are managed appropriately.