Information System Security Officer (ISSO)
Job Description
Location: Wall Township, NJ | Reports to: CISO | Clearance: U.S. Person required; ability to obtain Public Trust preferred
About the Role
911inform is seeking an Information System Security Officer (ISSO) to serve as the day-to-day security steward of our FedRAMP Moderate authorized SaaS platform. The ISSO is the hands-on owner of the System Security Plan (SSP), continuous monitoring (ConMon), POA&M management, and audit evidence collection across our AWS GovCloud and Commercial environments. This role is ideal for a detail-oriented security practitioner who thrives in compliance-driven operations and enjoys turning controls into working processes.
Key Responsibilities
System Security Plan (SSP) Ownership — Maintain and update the FedRAMP Moderate SSP, including all narrative sections, appendices (cryptographic modules, ports/protocols, interconnections), and supporting attachments.
Continuous Monitoring (ConMon) — Execute monthly ConMon deliverables: vulnerability scan reports (Tenable), POA&M updates, inventory reconciliation, and significant change requests.
POA&M Management — Track, prioritize, and drive remediation of findings to closure; coordinate with engineering and IT to meet FedRAMP timelines (30/90/180 days by severity).
Audit Evidence Collection — Package and submit evidence for FedRAMP, SOC 2 Type II, and ISO 27001 audits; maintain Vanta and SharePoint-based evidence libraries.
Access Reviews — Conduct quarterly access reviews across AWS (Commercial + GovCloud), M365 GCC, MongoDB Atlas for Government, CrowdStrike, Tenable, Action1, Jira, and other in-boundary systems.
Vulnerability & Endpoint Oversight — Monitor Tenable Nessus, CrowdStrike Falcon, and Action1 coverage; investigate agent reporting gaps and orphaned endpoints.
Incident Response Support — Maintain the IR Plan, support tabletop exercises, complete Appendix B incident collection forms, and assist in real-world investigations (e.g., supply chain events).
Policy & Procedure Maintenance — Keep Access Control, Privileged Access, Data Management, Incident Response, Secure SDLC, and Third-Party Management policies current and audit-ready.
Third-Party / Vendor Risk — Onboard new vendors, review DPAs/SLAs/SOC 2 reports, maintain the vendor risk register, and route critical-risk acceptances to the CFO per policy.
Control Implementation Support — Partner with engineering on NIST 800-53 Rev. 5 control implementation, particularly AC, AU, CM, CP, IR, RA, SC, and SI families.
Required Qualifications
3–5+ years in information security, compliance, or GRC roles.
Working knowledge of NIST 800-53 Rev. 5, FedRAMP Moderate, SOC 2, and ISO 27001.
Hands-on experience with AWS (GovCloud a plus), Microsoft 365 (GCC a plus), and at least one EDR/VM platform (CrowdStrike, Tenable, Defender).
Experience writing and maintaining SSPs, POA&Ms, and audit evidence.
Strong written communication — able to produce audit-ready narratives and executive summaries.
Preferred Qualifications
CISSP, CISA, CAP, CCSP, Security+, or equivalent.
Prior experience supporting a FedRAMP authorization or 3PAO assessment.
Familiarity with Vanta, Drata, or similar GRC automation tools.
Background in public safety, 9-1-1, telecom, or critical infrastructure SaaS.
Company Description
In 2015, the founder of 911inform, Ivo Allen, found inspiration for the company after watching news footage of a recent shooting. Unfortunately, this is an issue that’s far too prevalent here in the US, but what really struck Ivo was that many of the victims died because emergency first-response teams were unable to arrive on the scene quickly enough. This was due to a variety of factors, but the core reason was that these first responders didn’t have the tools available to them to gain a better grasp of the emergency at hand. They had little to no transparency into the emergency and little to no direct communication with those affected by it. They would often be walking into an emergency totally blind, and in an active shooter situation, this is unacceptable. With new technological advancements in safety and security systems, Ivo knew there was a better way. He went to work on the product and, after years of testing, 911inform was formally established in 2018.