Information System Security Officer (ISSO III)
Category: Cyber Security
Main location: United States, Pennsylvania, Philadelphia
Position ID: J1025-1967
Employment Type: Full Time
Position Description:
We're looking for Information System Security Officers (ISSO III) candidates ready to step into a mission-critical role supporting Navy cybersecurity and information assurance operations. This is a high visibility opportunity to lead Risk Management Framework (RMF) lifecycle activities, guide vulnerable remediation efforts, and directly contribute to system Authority to Operate (ATOs) across a complex, enterprise Department of Defense (DoD) environment. You'll work alongside seasoned Information System Security Managers (ISSMs), engineers, and compliance professionals to strengthen Navy systems, ensure audit readiness, and enable mission assurance. If you're a self-starter with hands-on RMF experience, strong writing skills, and the drive to make an impact, this is the role for you. Join CGI and secure the mission from day one.
This position is located in Philadelphia, PA. 90% onsite (1 day per week remote)
Due to the nature of this government contract, US Citizenship is required with the ability to obtain and maintain an Active DOD Secret Clearance is Required.
Your future duties and responsibilities:
. Assist Information System Security Managers (ISSMs) in executing their cybersecurity responsibilities.
. Ensure full compliance with NAVSEA, Department of the Navy (DON), and Department of Defense (DoD) cybersecurity policies.
. Maintain up-to-date cybersecurity policy and procedural documentation, ensuring accessibility to authorized personnel.
. Coordinate and manage cybersecurity processes and activities for assigned systems.
. Track and report the status of Assess Only (AO) and Assessment and Authorization (A&A) activities to Program Managers, Information System Owners, and ISSMs.
. Provide oversight of Security Plans for assigned systems throughout their lifecycle.
. Manage and maintain Plan of Actions and Milestones (POA&Ms), ensuring vulnerabilities are documented, tracked, mitigated, and remediated where feasible.
. Support identification of appropriate security control baselines and overlays.
. Coordinate validation of security controls with Navy Qualified Validators (NQVs).
. Conduct Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews.
. Adjudicate findings submitted by the Package Submitting Officer (PSO).
. Register and maintain cybersecurity system data within the Enterprise Mission Assurance Support Service (eMASS).
. Plan and coordinate testing of security controls during risk assessments and annual security reviews.
. Report changes in system security posture to the ISSM.
. Execute Continuous Monitoring activities in alignment with the System Level Continuous Monitoring (SLCM) Strategy.
. Review data from Continuous Monitoring, update eMASS records accordingly, and escalate issues to leadership when necessary.
. Correlate findings from vulnerability assessments-including Developmental Testing (DT), Operational Testing (OT), penetration testing, and Command Cyber Operational Readiness Inspections (CCORI)-to RMF controls to ensure comprehensive risk management.
. Participate in change control and configuration management proces
Required qualifications to be successful in this role:
Six (6) years of experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident-response by isolating potentially effected assets, initial investigation, and data collection, through status updates/reporting.
Desired qualifications/non-essential skills required:
. Advanced Certifications such as CISSP, CRISC, CASP+, CEH, or AWS/Azure security certifications demonstrating specialized cybersecurity knowledge beyond baseline requirements
. Experience with Navy cybersecurity environments, particularly NAVSEA, including familiarity with their unique RMF workflows, eMASS conventions, and VRAM usage
. Prior support to Navy Qualified Validators (NQV) or direct experience participating in security control validation activities
. Experience leading RMF packages through the full lifecycle-from categorization and control selection through assessment, authorization, and continuous monitoring
. Hands-on knowledge of eMASS, VRAM, ACAS, and HBSS (or equivalent DoD tools) for continuous monitoring and vulnerability remediation
. Familiarity with CCORI or CCRI preparations and inspections, including previous participation in Navy or DoD cyber readiness events
. Strong technical writing skills for drafting and maintaining SSPs, POA&Ms, SOPs, SLCM Strategies, and other RMF-related documentation
. Working knowledge of Security Technical Implementation Guides (STIGs) and tools such as STIG Viewer, SCAP Compliance Checker, and Nessus
. Experience coordinating with developers, system owners, and network engineers to remediate vulnerabilities and implement security controls
. Knowledge of DoD Cloud Security Requirements Guide (SRG) and experience supporting ATO packages for cloud-hosted environments (e.g., AWS GovCloud, Azure IL4/IL5)
. Agile or DevSecOps environment experience, including continuous integration pipelines and automated security testing
. Demonstrated success working in multi-contractor environments, coordinating with multiple stakeholders, and supporting large system portfolios
. Strong interpersonal and communication skills, with ability to brief technical findings to senior leadership and non-technical audiences
CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $120,800.00 - $190,200.00.
CGI Federal's benefits are offered to eligible professionals on their first day of employment to include:
. Competitive compensation
. Comprehensive insurance options
. Matching contributions through the 401(k) plan and the share purchase plan
. Paid time off for vacation, holidays, and sick time
. Paid parental leave
. Learning opportunities and tuition assistance
. Wellness and Well-being programs
CGIFederalJob
LI-MG4
Skills:
Cyber
English
IT Security
Security Architecture
What you can expect from us:
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because...
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team-one of the largest IT and business consulting services firms in the world.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status or responsibilities, reproductive health decisions, political affiliation, genetic information, height, weight, or any other legally protected status or characteristics to the extent required by applicable federal, state, and/or local laws where we do business.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at USEmploymentCompliance@cgi.com . You will need to reference the Position ID of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a Position ID will not be returned.
We make it easy to translate military experience and skills! Clickhere (https://cgi-veterans.jobs/) to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held. Dependent upon role and/or federal government security clearance requirements, and in accordance with applicable laws, some background investigations may include a credit check. CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI's legal duty to furnish information.
