Information System Security Officer (ISSO)
An Information System Security Officer (ISSO) works under the Information System Security Manager (ISSM) to handle the day-to-day security operations of an information system. The ISSO monitors system activity, manages security configurations, responds to security events, and maintains security documentation.
While the ISSM manages the program at a higher level, the ISSO is hands-on with the system — running scans, reviewing logs, applying patches, and ensuring that security controls remain effective on a daily basis. In smaller organizations, one person may fill both the ISSM and ISSO roles.
Why It Matters
Having a dedicated ISSO ensures someone is actively watching your systems every day. Without this role filled, security monitoring gaps develop quickly and your compliance posture degrades between assessments.