Mid Level Information Security Officer Jobs
Mid level information security officer jobs go to professionals ready to own security programs end to end, mentor junior analysts, and make risk decisions with limited oversight. Roles run across Banking & Financial Services, Biotechnology & Pharmaceuticals, and Consulting & Professional Services, with a notable mix of remote and hybrid positions, and employers like Raytheon, Bank of China USA, and CACI International hiring at this level now.
- Create Waivers or Risk Acceptance Memos to assist in the effective management of system risks
- Conduct an annual assessment in accordance with guidance in the DHS Information Security Performance Plan
- Review and update security authorization documents as needed, but at least annually
- Coordinate with the customer's Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements
- Conduct Contingency Plan tests at least annually and update the plan
- Perform system self-assessments as part of the customer's Ongoing Authorization program
- Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management
- Provide audit support for assigned systems (Financial, A-123, FISMA, internal, DHS, etc.), throughout the audit (Pre, During, and Post Audit)
- Maintain knowledge of inventory in accreditation boundary
- Proactively ensure security requirements are included in development cycle (Waterfall, Agile, DevSecOps)
- Use DHS and mandated enterprise IA Compliance Tools.
- Devise a plan to certify and accredit their assigned information systems
- Ensure configuration management processes are followed to ensure that any changes do not introduce new security risks
- Respond to emerging requirements or policies as set by legislation, regulation or policy
- Participate in DevSecOps (security integrated into Agile processes) requirements for assigned systems
- Support annual independent assessments in accordance with guidance in the DHS Information Security Performance Plan
- Master's degree and 4 years of cyber & FISMA experience; OR
- Bachelor's degree and 5 years of cyber & FISMA experience; OR
- No degree and 9 years of experience, 7 of which must be cyber & FISMA
- Possesses one of the following professional security certifications:
  - CISSP
  - CASP
  - CISM
  - CEH
  - CISA
  - SSCP
  - GISP
  - GSLC
- Ability to hold and maintain DHS Public Trust
- Specialized knowledge of financial audit standards, classified system IA requirements and Privacy Act requirements
- Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications (800-53 rev 4/5), particularly those associated with the Risk Management Framework (RMF)
- Ability to explain the RMF to non-technical individuals
- Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, FedRAMP, and NIST guidelines
- Specialized knowledge and experience with vulnerability scanning execution, assessment, and analysis
- Specialized knowledge and experience with the operating system (Windows and/or Linux) and network (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
- Specialized knowledge and experience with information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies
- Specialized knowledge and experience with application security, database security, and network security
- Ability to interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the cybersecurity program.
- Ability to advise appropriate senior leadership of changes affecting the system’s cybersecurity posture.
- Ability to assess and weigh current and evolving security threats in an operational environment
- Ability to interview system stakeholders to properly document security controls
- Ability to perform independent and self-assessments
- Ability to independently perform ISSO duties for at least one system
- Understands risks
- Recognize a possible security violation and take appropriate action to report the incident, as required.
- Current experience providing ISSO support to DHS
- Experience supporting systems hosted in Cloud environments.
- Experience supporting systems in Agile and DevSecOps environments
- Independent worker
- Ability to mentor other team members
Identity Statement
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.
Mid Level Information Security Officer Job Market
Who's Hiring
- Raytheon: 6
- Bank of China USA: 5
- CACI International: 3
- Booz Allen Hamilton: 3
- Columbia Technology Partners: 2

Top Industries Hiring
- Banking & Financial Services: 6
- Biotechnology & Pharmaceuticals: 6
- Consulting & Professional Services: 6
- Technology & Software: 3
- Healthcare & Medical Services: 2
Mid Level Information Security Officer Jobs: Frequently Asked Questions
How do I get a mid level information security officer job?
Highlight ownership rather than just participation: applications that show you led a vulnerability assessment, drove a compliance initiative, or built a security policy from scratch stand out at this level. Tailor your resume to demonstrate independent judgment, such as how you identified and remediated a real threat with measurable results. Certifications like CISSP, CISM, or Security+ reinforce your readiness for expanded responsibility.
Which companies hire mid level information security officers?
Companies hiring mid level information security officers right now include Raytheon, Bank of China USA, and CACI International, based on current listings on Migrate Mate as of July 2026. Hiring at this level comes from a wide range of organizations, including large enterprises building out dedicated security teams and mid-size firms looking for professionals who can operate with significant autonomy.
Are there remote mid level information security officer jobs?
Yes, though availability varies by employer and industry. About 11% of mid level information security officer openings are remote or hybrid as of July 2026, reflecting how much security work can be performed without being on-site. Roles tied to regulated industries or government contracts are more likely to require in-person presence due to compliance requirements.
How do I move up to a mid level information security officer role?
The path from entry level to mid level in information security runs through demonstrated ownership of real work, not just task completion. Build depth in at least one domain, such as incident response, cloud security, or compliance, and seek out projects where you are accountable for outcomes. Earning a recognized certification and contributing to post-incident reviews or policy updates signals that you are ready for greater scope.
Which industries hire the most mid level information security officers?
Mid level information security officer roles concentrate in Banking & Financial Services, Biotechnology & Pharmaceuticals, and Consulting & Professional Services, based on current listings on Migrate Mate as of July 2026. These sectors drive hiring at this level because they face significant regulatory pressure, handle sensitive data at scale, or operate critical infrastructure that requires experienced security professionals to manage risk programs with real authority.