Description
ISSE
At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. We have incorporated these values into successful delivery for our customers since 1988. B&A believes in ensuring its employees feel deeply connected to B&A, recognizing successes and hard work, and providing continuous opportunities to learn and grow. Our people are entrepreneurial thinkers who combine mindset, vision, and experience to drive value - not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We'd love for you to join our team!
Job Summary
B&A is seeking a senior-level ISSE to lead and oversee the full Risk Management Framework (RMF) lifecycle for FBI information systems. This role serves as a principal cybersecurity advisor to government stakeholders, responsible for driving risk-informed decisions, not just compliance execution. The ideal candidate brings deep federal cybersecurity experience (15-25+ years) with proven accountability for ATO delivery, continuous monitoring, and enterprise-level risk management across complex, multi-system environments. This position requires strong technical leadership, executive engagement, and the ability to integrate security into mission-driven programs where cost, schedule, and performance must be balanced with risk.
Responsibilities
- Lead, mentor, and supervise teams of 10-20+ cybersecurity professionals supporting FBI IT systems
- Direct full lifecycle implementation of RMF, including Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor
- Own and deliver ATO packages end-to-end, from initial package development through continuous monitoring
- Oversee RMF Prepare activities, ensuring clearly defined roles, responsibilities, and risk strategies
- Guide system categorization based on mission impact and regulatory requirements
- Direct security control selection, tailoring, implementation, and documentation aligned with Bureau risk tolerance
- Ensure quality, completeness, and accuracy of all RMF artifacts and deliverables within eMASS
- Plan and execute security control assessments, validating effectiveness and compliance
- Prepare and present authorization packages to Authorizing Officials (AOs) and senior leadership
- Serve as a trusted advisor translating cyber risk into actionable business and mission decisions
- Lead continuous monitoring (ConMon) efforts, including vulnerability management and metrics-driven reporting
- Utilize tools such as ACAS/Nessus for vulnerability tracking and remediation
- Oversee STIG/SCAP compliance validation and system hardening efforts
- Integrate cybersecurity into active acquisition and system development lifecycles, balancing mission, cost, and schedule constraints
- Support audit preparation and response, including FISMA and DOJ/OIG audits
- Drive risk mitigation strategies and oversee incident response and remediation efforts
- Provide training, mentorship, and cybersecurity awareness across technical teams
- Communicate system security posture, risks, and recommendations to executive stakeholders
Education and Experience
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related field
- Master's degree in a related field preferred
- 15-25+ years of federal cybersecurity experience
- Direct ownership of the full RMF lifecycle, including ATO package development through continuous monitoring
- Extensive hands-on experience with:
  - System categorization
  - Security control selection, implementation, and assessment
  - Authorization and A&A processes
- Experience leading cybersecurity teams of 10-20+ personnel across multi-system portfolios
- Proven track record briefing senior leadership and Authorizing Officials, translating risk into actionable decisions
- Experience supporting federal law enforcement, intelligence, or high-security environments
- Experience integrating cybersecurity into acquisition and system development lifecycles
- Hands-on experience supporting audits, inspections, and executive authorization decisions
- Strong knowledge of NIST SP 800-series, FISMA, and federal cybersecurity frameworks
- Experience with continuous monitoring, risk assessment, and compliance reporting
- Hands-on experience with eMASS (package development and workflow management)
- Experience with ACAS/Nessus, STIGs, and SCAP compliance tools
Required Skills
- Risk Management Framework (RMF) lifecycle expertise
- NIST standards and guidance (SP 800-series)
- System categorization and impact analysis
- Security control selection, tailoring, and implementation
- Security control assessment and authorization (A&A)
- Continuous monitoring and metrics-driven security management
- Cybersecurity risk analysis and mitigation
- Incident response and system remediation support
- Technical leadership and team supervision
- Security engineering across system and application lifecycles
- Audit support and compliance management
- RMF documentation and artifact development
- Executive-level communication and reporting
- Training, mentoring, and security awareness development
- Ability to serve as a principal cybersecurity advisor to senior leadership and Authorizing Officials
- Strong technical leadership and team management capabilities
- Expertise in RMF documentation and artifact development
- Ability to translate cybersecurity risk into mission and business impact
- Strong communication skills, including executive-level briefings and reporting
Certifications (Required / Strongly Preferred)
- CISSP or CISM (active and current) - required
- DoD 8140 / 8570 compliance - required
- PMP - preferred
- Additional certifications such as CGRC, A-CCISO, or GSLC are highly desirable
Security Clearance
- Active Top-Secret Clearance
- CI Polygraph strongly preferred
More About B&A: Notable Clients
B&A has grown to be a company that is trusted by our clients for exceptional service, innovative solutions, and inspired employees. Our service extends through federal, state, and local Government, the private sector, and higher education. Some of our notable clients include Department of Homeland Security, U.S. Customs and Border Protection, U.S. Senate, U.S. Courts, U.S. Census Bureau, U.S. Navy, and more.
Benefits and Programs
B&A is proud to offer three robust individual and family medical plans to full time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance. In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU). B&A's 401(k) plan is available to all employees and includes a company matching contribution. B&A has launched several programs to focus on employee engagement, wellness, and assistance. These include:
- The B&A Cares program: 30/60/90-day wellness check-ins, personal development, financial management, and stress management seminars, and more
- A formal mentorship program
- Job shadowing and cross training opportunities
- Brand Ambassador program
- Employee Assistance Program (EAP) - Access to various support resources to include counseling, legal guidance, financial planning, and more
- Monthly teambuilding events
- B&A Annual Wellness Challenges: #StepWithB&A, #WalkDuringLunchWithB&A, #VolunteeringWithB&A, #ExerciseDuringLunchWithB&A, and more
At B&A, we place significant importance on improving the communities and lives of citizens across the nation through our involvement, technology expertise, and employees. B&A puts an emphasis on charitable efforts in the Northern Virginia area, including Capital Area Food Bank pantry drives, book donations, Hope for Henry Foundation events, and many more. In recognition of all these efforts, B&A has been named a Companies as Responsive Employers (CARE) award recipient by Northern Virginia Family Services and nominated by the Northern Virginia Chamber of Commerce for Outstanding Corporate Citizenship Award.
EEO
B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A's offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.
EEO is the Law
B&A participates in e-Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 Form to confirm work authorization.