Sr. Information System Security Officer

NOTE: This role is contingent on the contract being awarded.

Synergy Business Innovation & Solutions is a premier implementer of cutting-edge software solutions. Synergy brings the experience and expertise necessary to deliver capability that provides tangible ROI to our customers. Synergy's core areas of expertise are in the fields of Digital Transformation, Cloud Solutions, SaaS and Low-Code/No-Code solutions, Emerging Technologies, Data analytics and Visualization, Information Assurance, and Business Process Re-Engineering.

Synergy offers its employees a generous portfolio of core and voluntary benefits including group medical, dental, and vision insurance, HSA, FSA, 401(k) with immediately vested company match, PTO/Sick Leave, 11 paid federal holidays, company paid life, short-term and long-term disability insurance, tuition and training reimbursement, fitness/wellness reimbursement, a referral bonus program, and life management programs.

At Synergy, you'll be challenged and given the opportunity to grow in your career path. In fact, growth is such a big deal to us that you will have dedicated career coaches available for every employee, company-funded certification opportunities, education reimbursement, and a general open-door policy so that you have support when you need it. Our team is eager to learn, fast-paced, and quality-driven-if that sounds like you, Synergy has a position for you!

• Serve as the lead security representative for system RMF lifecycle activities, including control selection, implementation, testing, and documentation.
• Develop, review, and maintain key RMF artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), Contingency Plans (CPs), and POA&Ms.
• Ensure systems maintain a valid Authorization to Operate (ATO) through continuous monitoring, vulnerability assessments, and compliance reporting.
• Validate the implementation of security controls and document evidence in Enterprise Mission Assurance Support Service (eMASS).
• Collaborate with cybersecurity engineers, auditors, and control assessors to prepare for internal and external security audits and inspections.
• Analyze and respond to scan results, SIEM alerts, audit logs, change management actions, and potential cybersecurity incidents.
• Support the integration of security into DevSecOps pipelines, ensuring secure configuration management, patching, and container security practices.
• Provide security engineering guidance to development and infrastructure teams in areas such as encryption, access controls, secure protocols, and authentication methods.
• Lead the execution of cybersecurity training, awareness initiatives, and policy compliance briefings for staff and stakeholders.
• Identify, assess, and mitigate risks associated with system design, implementation, and operational posture.
• Provide oversight for managing privacy-related data, insider threat indicators, and incident handling workflows in accordance with federal mandates.
• All other duties as assigned by management.

• Advanced understanding of NIST RMF, NIST SP 800-37, 800-53 Rev. 5, DHS 4300A, and FISMA compliance requirements.
• Hands-on experience with SIEM tools, eMASS, vulnerability scanning platforms, and ATO documentation processes.
• Proven ability to develop and maintain ATO documentation and assess control effectiveness across multiple systems.
• Experience implementing cybersecurity best practices in complex hybrid environments (on-premise, virtual, and cloud-based).
• Strong working knowledge of Active Directory, Linux/Windows administration, and secure infrastructure hardening.
• Familiarity with Agile/DevSecOps development cycles and secure code integration principles.
• Excellent analytical, organizational, and communication skills, with an ability to brief senior stakeholders and deliver formal documentation.

• Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
• Minimum of six (6) years experience in information security/information assurance.
• Minimum of five (5) years of experience in the risk management framework.
• Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
• Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.

• U.S. citizenship required
• Must have an active DoD Secret Clearance.

• IAM (Information Assurance Management) Level II certification required (CompTIA Security+, CompTIA CySA, (ISC) SSCP, CCNA Security, GSEC, CND, or CompTIA PenTest+)
• Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.

• Elizabeth City, NC - Hybrid
• North Carolina Region - Must be able to go on-site at least three days a week

Compensation for roles at Synergy varies depending on a wide variety of factors including but not limited to the requirements of the role; education and certifications; knowledge, training, skills and abilities; level of experience; geographic location; and alignment with market data, law, and other business and organizational needs. As required by local law, the posted pay range represents the lowest to the highest pay that Synergy believes in good faith it might pay for this particular job, depending on the circumstances. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. It is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.

Essential Job Function Physical Requirements: The physical requirements of this position are critical in evaluating the qualifications and abilities of an applicant or employee. The physical efforts needed to perform the essential duties of this job 90% of the time are repetitive motions, grasping, holding, and finger dexterity of the hands, reading, writing, eye-hand coordination, color distinction, and full visual abilities, hearing, talking, sitting, and use of IT equipment, phones, and office machines.

To a reduced degree, <30% of the time, candidates may have to stand, walk, lift 0-30 pounds, push or pull objects, climb stairs, bend, squat, reach, drive a car, or work overtime.

Synergy is an equal opportunity employer, and does not discriminate against applicants for employment or its employees on the basis of age, race (including hair texture/style), creed, color, religion, religious creed, ancestry, national origin, ethnic origin, sexual orientation, gender identity or expression, military or veteran status, sex, medical condition, pregnancy (childbirth, breastfeeding, and related medical conditions), physical or mental disability, personal appearance, organ donation and hair length associated with race, genetic information or characteristics, family responsibilities, familial status, marital status, citizenship or immigration status, status as a victim of domestic violence, a sexual offense, or stalking, political affiliation, arrest records and criminal convictions, credit information, matriculation, homeless status, or any other characteristic protected by federal, state and local law. Discrimination or harassment based upon these protected categories is expressly prohibited. This policy applies to all aspects of employment, including job selection, assignment, promotion, compensation, benefits, training, discipline and termination.

#LI- Hybrid