Information System Security Manager (ISSM)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field. (Equivalent professional experience may be considered in lieu of a degree).
• Minimum of 5–7 years of experience in Information Assurance (IA) or Cybersecurity, with specific experience managing systems under the Risk Management Framework (RMF)
• Demonstrated expertise in NIST SP 800-53, 32 CFR Part 117 (NISPOM), and Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Guide (DAAG).
• IAM Level II or III: Must possess a current, baseline certification in good standing. Valid certifications include: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CGRC / CAP (Certified in Governance, Risk, and Compliance), CASP+ (CompTIA Advanced Security Practitioner)
• Ability to obtain a secret clearance or higher.
• RMF Lifecycle Management: Minimum of 5–7 years of direct experience performing Information System Security Manager (ISSM) or Officer (ISSO) duties, specifically navigating the Risk Management Framework (RMF) steps 1–6.
• Technical System Architecture & Build: Proven experience building and configuring secure information systems from the ground up. The candidate must possess the technical expertise to install, harden, and integrate hardware and software components within a classified environment.
• Regulatory Expertise: Proven track record of managing classified systems in compliance with 32 CFR Part 117 (NISPOM), DAAG, and NIST SP 800-53 security controls.
• Vulnerability Management: Hands-on experience performing technical security assessments, including the use of ACAS/Nessus scanners and the implementation of DISA STIGs.
• Artifact Development: Experience authoring and maintaining critical security documentation, including System Security Plans (SSP), Plans of Action and Milestones (POA&M), and Security Assessment Reports (SAR).
• Privileged User Oversight: Experience managing and auditing privileged users and ensuring the integrity of automated audit logs and system accounting.

Nice To Haves

• Construction & Certification: Prior experience as a lead or coordinator for the physical build-out and government accreditation of a classified information system.
• Government Tools: Advanced proficiency with the Enterprise Mission Assurance Support Service (eMASS) or Xacta for system authorization tracking.
• Audit Leadership: Previous experience leading a facility through a DCSA Security Review or a government Command Cyber Readiness Inspection (CCRI).
• Cryptographic Hardware: Experience configuring and maintaining TACLANE or other HAIPE encryption devices.
• Project Management: Experience managing cross-functional teams (IT, Facilities, and Security) to meet strict project deadlines for system activation.

Responsibilities

• Ensure consistent departmental safety standards and procedures across facilities.
• Address systemic safety concerns and implement standardized solutions.
• Perform Security Impact Analysis for all proposed system modifications to ensure they do not negatively affect the authorized security posture.
• Develop and maintain comprehensive System Security Plans (SSP), Risk Assessment Reports (RAR), and Security Control Traceability Matrices (SCTM) within eMASS.
• Oversee technical security scans using ACAS[CG1.1]/Nessus [CG2.1]and ensure all hardware and software adhere to DISA STIGs (Security Technical Implementation Guides).
• Provide technical and administrative support to the FSO during investigations of classified system security incidents, including malicious activity and data spills, in coordination with government authorities.
• Orchestrate the Assessment and Authorization (A&A) lifecycle for a classified information system, serving as the primary technical advisor to the Authorizing Official (AO).
• Manage the lifecycle of Plans of Actions and Milestones (POA&Ms), ensuring all findings are tracked, mitigated, and reported through official government channels.
• Develop and deliver annual security awareness training and specialized briefings for privileged and general users.
• Partner with the Facility Security Officer (FSO) to provide guidance on general security issues.
• Maintain audit-ready records and lead preparations for government security reviews.
• Facilitate cross-functional security coordination among information security officers and system owners, ensuring all activities align with senior security leadership directives and organizational goals.
• Other assigned duties by the FSO related to any responsibility of BIW’s Industrial Security program.
• Implement a robust Continuous Monitoring (CONMON) strategy to detect unauthorized changes or anomalies in the authorized security baseline.