Gila County is seeking a Lead Information Security Engineer who will be responsible for the development and maintenance of security authorization packages to ensure compliance with federal requirements. The role involves executing the Risk Management Framework (RMF) lifecycle and ensuring the systems maintain an Authorization to Operate (ATO) status.
Responsibilities:
- Serve as the primary ISSO for assigned systems, accountable for end-to-end RMF execution and ATO outcomes
- Execute the full RMF lifecycle, including categorization, control implementation, assessment readiness, authorization support, and continuous monitoring
- Develop, maintain, and ensure accuracy of authorization artifacts (e.g., SSP, POA&M, control evidence)
- Ensure systems remain ATO-compliant, audit-ready, and aligned with federal requirements (e.g., FedRAMP, FISMA, DoD)
- Track, prioritize, and drive remediation of vulnerabilities, audit findings, and control deficiencies
- Provide system-level risk assessments and actionable recommendations, including impact and remediation considerations
- Monitor vulnerability, audit, and continuous monitoring data to maintain awareness of system risk posture
- Coordinate with engineering, operations, and program teams to ensure security controls are implemented effectively and sustainably
- Support security assessments, audits, and inspections as the ISSO representative, including direct interaction with assessors and customer stakeholders
- Evaluate products, services, and proposed architectures for compliance, risk, and implementation feasibility within customer authorization environments
- Support customer integration of managed services by defining control responsibilities, inheritance boundaries, and implementation expectations
- Provide input grounded in RMF execution and ATO processes to support solution design, capture efforts, and delivery alignment
Requirements:
- US citizenship required
- Bachelor's degree in information assurance, cybersecurity, or a related field, or equivalent experience
- Minimum of 5 years of relevant experience in information assurance, with demonstrated responsibility for RMF execution and ATO support
- Strong working knowledge of the NIST RMF (SP 800-37) and the NIST SP 800-53 control framework
- Demonstrated experience executing RMF activities and supporting or leading ATO outcomes for federal or DoD systems
- Experience with FedRAMP and/or FISMA authorization processes, including artifact development and assessment readiness
- Ability to independently execute RMF activities and manage system-level security posture with minimal oversight
- Strong understanding of control implementation, inheritance, and shared responsibility models within complex or hybrid environments
- Ability to assess and communicate security risk in complex architectures, translating regulatory requirements into actionable guidance
- Experience evaluating security, compliance, and delivery feasibility of products, services, and architectures
- Working knowledge of cryptographic principles and emerging standards, including post-quantum cryptography (PQC), and ability to assess vendor solutions for compliance, risk, and implementation considerations
- Strong collaboration skills across engineering, operations, program management, and security teams
- Effective written and verbal communication skills for both technical and non-technical audiences
- Demonstrates Lumen leadership behaviors (teamwork, trust, transparency, clarity, courage, customer focus, growth mindset, respect)
- The capability to meet the suitability requirements for a GSA public trust position is required
- Experience operating in customer-facing or services-based environments supporting federal or regulated clients is strongly preferred
- Relevant certifications in governance, risk, and compliance (e.g., CGRC, CISA), or equivalent demonstrated RMF experience, are strongly preferred
- Broad security certifications (e.g., CISSP, CCSP) are preferred and may supplement GRC experience