Cloud Information System Security Manager (ISSM)

Tyto Athene, LLC | Reston, VA
$140,000 - $170,000 | Remote

About The Position

Tyto Athene is seeking a Cloud Information System Security Manager (ISSM) to lead cybersecurity compliance and authorization efforts across multiple cloud environments. This role is responsible for maintaining FedRAMP and DoD RMF authorizations, ensuring continuous compliance with federal security requirements, and supporting cloud-based systems throughout their lifecycle. The ISSM will oversee security documentation, risk management activities, vulnerability assessments, POA&M management, continuous monitoring, and authorization activities within FedRAMP and eMASS. Working closely with system owners, engineers, and government stakeholders, the ISSM will serve as the primary cybersecurity advisor for cloud programs, ensuring security controls are implemented, assessed, and maintained in accordance with FedRAMP, NIST, and DoD requirements. This position requires experience supporting cloud-based ATOs, managing security compliance efforts, coordinating audits and assessments, and maintaining secure cloud operations in regulated federal environments.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • Candidates with a bachelor's degree in another discipline may be considered with relevant cybersecurity experience and applicable certifications.
  • DoD 8570.01-M / DoD 8140 IAM Level II/III certification: CISSP, CAP, CISM, CASP+ (SecurityX), CCISO
  • 8+ years of experience in cybersecurity, information assurance, information system security engineering (ISSE), or information system security management (ISSM) roles supporting federal or DoD environments.
  • Demonstrated experience supporting cloud-based cybersecurity and authorization efforts, including FedRAMP and DoD cloud security requirements.
  • Experience managing and maintaining Authority to Operate (ATO) packages within the Risk Management Framework (RMF).
  • Working knowledge of FedRAMP authorization processes and DISA Cloud Access Point (CAP) requirements.
  • Experience implementing and assessing NIST SP 800-53 security controls and supporting RMF activities in accordance with DoD 8510.01.
  • Experience conducting security assessments, vulnerability management, and continuous monitoring activities using tools such as ACAS and SCAP.
  • Knowledge of DISA Security Technical Implementation Guides (STIGs), Security Requirements Reviews (SRRs), and compliance validation processes.
  • Familiarity with DoD cybersecurity policies, directives, and information security regulations.
  • Demonstrated experience performing security risk assessments, threat modeling, vulnerability analysis, and risk mitigation planning.
  • Experience supporting compliance efforts related to RMF, FISMA, FedRAMP, and NIST cybersecurity standards and guidance.
  • Experience leading multiple cloud or enterprise systems through initial ATO and subsequent reauthorization activities, including direct interaction with Authorizing Officials (AOs), Security Control Assessors (SCAs), and government stakeholders.
  • Experience managing authorization activities within eMASS.
  • CCSP (Certified Cloud Security Professional)
  • CRISC (Certified in Risk and Information Systems Control)
  • AWS Certified Security – Specialty, AWS Solutions Architect, or other relevant AWS certifications
  • GIAC certifications (GSEC, GCLD, GSLC, GCSA, or similar)
  • Strong analytical, critical thinking, and problem-solving skills.
  • Ability to manage multiple priorities and deadlines in a fast-paced environment.
  • Excellent written and verbal communication skills, including the ability to communicate technical concepts to both technical and non-technical stakeholders.
  • Demonstrated ability to work independently while collaborating effectively across engineering, operations, and compliance teams.
  • DoD/DoW Secret clearance is required

Nice To Haves

  • Experience supporting FedRAMP Moderate or High cloud environments.
  • Working knowledge of cloud service models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
  • Hands-on experience supporting cloud environments within AWS.
  • Experience using GitLab to support secure software development and DevSecOps processes.
  • Experience leveraging Splunk or similar SIEM platforms for security monitoring, incident investigation, and compliance reporting.
  • Experience developing Assessment & Authorization (A&A) documentation from inception, including SSPs, SARs, POA&Ms, Contingency Plans, and related RMF artifacts.
  • Experience supporting security assessments, control validation activities, and authorization reviews in federal or DoD environments.
  • Familiarity with DevSecOps, Infrastructure as Code (IaC), and cloud-native security practices.

Responsibilities

  • Serve as the designated ISSM for the system boundary and maintain cybersecurity for cloud architecture.
  • Ensure that Information Owners (IOs) and stewards associated with DoD or FedRAMP information received, processed, stored, displayed, or transmitted on each cloud system are identified in order to establish accountability, access approvals, and special handling requirements.
  • Maintain all cybersecurity-related documentation, compliance requirements, objectives, policies, personnel, and cybersecurity processes and procedures.
  • Manage all cloud system POA&M items in the FedRAMP and eMASS systems and ensure continuous monitoring requirements are met.
  • Ensure that incident response and contingency plans, tests, and reviews are synchronized and coordinated with affected parties and organizations.
  • Ensure implementation of information system (IS) security measures and procedures, including reporting incidents to the Agency PMO and appropriate reporting chains, and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 4, for CUI.
  • Act as a cybersecurity technical advisor for stackArmor Agency projects.
  • Ensure that cybersecurity-related events or configuration changes that may impact stackArmor cloud systems' authorization or security posture are formally reported to the Authorizing Official (AO) and other affected parties, such as IOs, stewards, and AOs of interconnected DoD ISs.
  • Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
  • Review FedRAMP and DoD Provisional Authority (PA) artifacts to understand the risk that the AO will inherit for the customer and represent the organization in audits, assessments, and agency reviews.

Benefits

  • Health/Dental/Vision
  • 401(k) match
  • Paid Time Off
  • STD/LTD/Life Insurance
  • Referral Bonuses
  • Professional development reimbursement
  • Parental leave