Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FedRAMP: Information Systems Security Officer (ISSO)/Cloud Security Assessment GS13

This job posting has closed.

Please see our other open positions.

Basic information

Open to U.S. citizens or nationals (residents of American Samoa and Swains Island). Subject to background check. Full information is available on USAJOBS.

Supervisory status: Not Supervisory

Job title: FedRAMP Information Systems Security Officer (ISSO)/Cloud Security Assessment

Official title in USAJOBS:

Number of vacancies: 3

Location: Anywhere in the U.S. (remote)

Salary range: GS-13 ($103,409 to $167,336)

Your salary, including base and locality, will be determined upon selection, dependent on your actual duty location. Please note the maximum salary available for the GS pay system is $183,500. For specific details on locality pay, please visit OPM’s Salaries & Wages page or for a salary calculator OPM’s 2023 General Schedule (GS) Salary Calculator. You can find more information in our compensation and benefits section.

Travel requirement: Occasional travel may be required up to 10%-20% per year.

Work schedule: Full time.

Appointment type: This is a permanent position.

Learn more about the benefits of working at GSA and TTS.

Role summary

The American people deserve to trust that their government is effectively securing their online interactions. Those agencies, in turn, trust FedRAMP to provide fair, accurate and unbiased assessments of cloud service offerings. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment and maintaining a centralized repository of security packages that agencies can request and reuse.

The FedRAMP Program Lead will unite vision and execution to lead an interdisciplinary team in delivering the IT/Cybersecurity assessment of commercial cloud services leveraging current industry and government cybersecurity laws and policies.

Key objectives

1. Own the product vision and lead end-to-end product/program development and management.

  • Operates as part of the FedRAMP Cloud Assessment Team supporting program strategy and roadmap, including objectives, goals, and metrics, in support of federal cybersecurity and FedRAMP program policy.

  • Develop a communications strategy and training that includes internal/external government and commercial stakeholders supporting Vulnerability Management program goals and expectations.

  • Identify, proactively monitor and address program risks associated with cybersecurity and vulnerability management within the cloud cybersecurity assessment process.

  • Work with the team to set and meet quality standards for vulnerability management deliverables.

  • Make evidence-based program decisions through use of user research, analytics, and other tools.

  • Ensure commercial cloud service providers adhere to federal regulations and standards.

2. Work with agency partners to enable cybersecurity risk management.

  • Work with partners and stakeholders to operate within established in-house cloud security assessment program.

  • Collaborate with partners to navigate complex bureaucratic relationships to bring stakeholders together around a common program vision and strategy to support the cybersecurity assessment of commercial cloud services..

  • Work with partners to establish relationships with their security, operations, and IT teams that will help sustain the product in the long term.

3. Build expertise around program management.

  • Keep abreast of program management best practices and share within the TTS organization to grow overall program management quality.

  • Stay on top of new technologies and how they can be used to help solve government problems.

  • Contribute to FedRAMP’s culture of transparency by publishing accounts of successes and challenges to help promote transparency and help agencies and commercial entities understand and navigate program complexities

  • Continually seek out new tools that could improve the way we work.

  • Pay attention to well-supported open source product offerings that can be reused in a government context to solve common problems.


Provide as much detail as possible on your resume so that we can evaluate your previous experience. Follow our guidance on creating a federal style resume.

Failure to provide required information may result in disqualification.

For each job on your resume, provide:

  • The exact dates you held each job (from month/year to month/year or “present”)
  • Number of hours per week you worked (if part time)


To qualify, you must have one (1) year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is defined as follows:

  • Experience implementing, evaluating, and assessing cybersecurity and compliance standards, such as International Standards Organization (ISO), Health Insurance Portability and Accountability Act (HIPAA), Security Operations Center (SOC), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), or FedRAMP.
  • Experience participating in the delivery of a highly complex digital program, product or business
  • Experience building and managing collaborative relationships with a complex set of stakeholders to achieve program goals.
  • Experience in developing organizational cybersecurity policy and practice to further the assessment of complex IT and cloud-based systems.

How to Apply

Join TTS

An official website of the GSA’s Technology Transformation Services

Looking for U.S. government information and services?