DoW Cloud Information Systems Security Manager (ISSM)

Tetrad Digital Integrity LLC•Washington, DC

About The Position

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years! We are looking for an exceptional DoW Cloud ISSM to support RMF and security execution for a mission-critical, cloud-hosted defense system. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system treated as a high-value target. This is not a template ISSM role. We need a team player who is mission-focused operator who can execute with urgency, drive progress through ambiguity, and deliver customer excellence under pressure while partnering tightly with the Cybersecurity Program Lead.

Requirements

Active Secret or Top-secret clearance.
Role required security certification such as: ISM, CISSP (or Associate), GSLC, CCISO.
Demonstrated experience supporting or leading DoD RMF for modern systems, including authorization package contributions and post-ATO sustainment activities.
Strong working knowledge of NIST 800-53 and practical RMF execution (inheritance strategy, evidence planning, assessor/AO engagement support, and risk tradeoffs).
Hands-on cloud security experience (AWS/Azure/GCP) including IAM, logging/monitoring, networking, encryption/KMS, and secure architecture patterns; GCP experience preferred.
Experience with STIG implementation/validation in production environments.
Strong writing and communication skills: able to produce assessor- and customer-ready deliverables with minimal oversight in a high-change environment.
Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce manual compliance effort and improve quality.
Comfort operating in high-change environments with CCBs, shifting priorities, and competing stakeholder demands.

Nice To Haves

Cloud certification (e.g., CCSP or cloud provider security / professional certs such as Google’s Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer).

Responsibilities

Own high-tempo DoD RMF execution across all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for modern cloud-hosted systems.
Apply DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as the Cloud Computing SRG and applicable AI-related guidance.
Develop and maintain RMF artifacts including SSPs, SARs, POA&Ms, control implementation details, evidence mappings, and assessor-ready supporting documentation.
Execute POA&M management with discipline: validate substantiation, track owners/dates, drive remediation follow-through, and ensure closure evidence is real and audit-ready.
Support security change governance activities (CCB inputs, impact analyses, drift detection) to keep authorization posture aligned with frequent system changes.
Conduct security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform (GCP), including baseline validation for Kubernetes/Docker environments.
Assist with threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and (as applicable) AI/ML and LLM components.
Partner with system architects, developers, DevSecOps, and platform teams to integrate security throughout the SDLC and translate requirements into actionable implementation steps.
Support SCAs and coordinate with third-party assessors by preparing artifacts, evidence packages, interview prep, and timely responses to requests for information (RFIs).
Monitor, track, and report security compliance posture through Continuous Monitoring (ConMon) processes and recurring metrics/dashboards.