Info Systems Security Manager (ISSM)

Systems Planning and Analysis

About The Position

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted. The Space and Intelligence Division provides professional services to the US Space Force, Combatant Commands, Intelligence Community, and NASA. Our work includes enterprise architectural assessments, systems engineering and integration, test, planning and execution, cost estimating and analysis, acquisition support, and cybersecurity. We are trusted partners developing approaches and concepts to meet emerging high priority needs, assessing cutting-edge technologies, and supporting capabilities for our National Defense. Come join the fastest growing Division at Systems Planning and Analysis, Inc.! The Space Systems Group (SSG), part of SPA’s Space and Intelligence Division, provides timely and objective assessments and recommendations integrating technical, operational, programmatic, policy and business analysis. We focus on our key clients in the Space community including the US Space Force’s Space Systems Command (USSF/SSC), one of the three designated Field Commands under USSF. We work tirelessly to provide integrated solutions based on information and communications throughout the chain of command. We provide clear and consistent analysis and recommendations which are aligned to strategic and leadership goals while balancing the ability to execute on time and on budget within the technical communities. Come join an organization responsible for being a key enabler of Spacepower! SPA has an immediate need for an Information System Security Manager (ISSM). The Information Systems Security Manager (ISSM) is responsible for the end-to-end cybersecurity posture of the KM Platform across all environments, classifications, and mission systems—current and future. This role leads the cybersecurity branch within Systems Engineering and directs a team of ISSEs/ISSOs to ensure security is not a compliance afterthought, but a continuously enforced, operational capability embedded into the platform. The ISSM owns the integrity of the platform’s authorized boundary, ensuring that security remains consistent, scalable, and resilient as the platform evolves. This role establishes and enforces the security model that enables application teams to deliver rapidly and confidently by removing security as a source of variability, rework, or delay.

Requirements

Active Top Secret clearance
Bachelor’s degree in relevant field of study from an accredited institution
10 years of relevant hands-on experience
Demonstrated experience leading a cybersecurity program or function, including directing ISSE/ISSO personnel and managing security strategy across multiple environments or classifications
Proven ability to own and maintain a system’s cybersecurity posture, ensuring alignment with ATO requirements and governing security frameworks across IL4–classified environments
Hands‑on background establishing and enforcing consistent security baselines, conducting security impact assessments, and governing changes through structured configuration‑management processes
Deep experience overseeing continuous monitoring, vulnerability management, remediation workflows, and automated enforcement of security requirements within DevSecOps pipelines
Strong track record interfacing with government cybersecurity stakeholders and auditors, communicating and defending security decisions, and ensuring predictable, secure paths to production

Responsibilities

Lead and manage the cybersecurity function, providing direction, prioritization, and oversight for all ISSE/ISSO personnel supporting the platform
Own and maintain the platform’s cybersecurity posture across all environments (IL4, IL5, IL6, and classified), ensuring alignment with ATO requirements and mission needs
Establish and enforce a consistent security baseline that persists across applications, environments, and time, eliminating variability in how security is applied
Govern all changes to the platform through a structured security impact and configuration management process to preserve the integrity of the authorized boundary
Oversee continuous monitoring, vulnerability management, and remediation processes to ensure risks are identified, prioritized, and resolved proactively
Ensure application onboarding integrates security requirements from the start and that enforcement is automated through DevSecOps pipelines (e.g., scanning, SBOM, policy enforcement)
Enforce least-privilege access, workload isolation, and auditability across all platform users, systems, and data
Serve as the primary authority and interface for cybersecurity with government stakeholders, Authorizing Officials, and external auditors
Drive standardization of security practices across teams, ensuring predictable, repeatable paths to production without rework or ambiguity
Integrate cybersecurity into platform engineering, DevSecOps, and operational workflows to enable secure continuous delivery at scale