Information System Security Manager (ISSM)

Hexagon US Federal, Huntsville, AL
3d

About The Position

As an Information System Security Manager at Hexagon US Federal, you will be expected to provide strategic cybersecurity leadership, lead and prioritize staff, and drive enterprise RMF execution and ATO sustainment across DoD environments.

Requirements

  • Bachelor’s degree in cybersecurity, information assurance, computer science, or a related field, with 8-10+ years of experience in cybersecurity, information system security, or related technical field.
  • Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are preferred.
  • Minimum of 3-5 years of technical leadership experience.
  • Demonstrated experience working within the Risk Management Framework (RMF), including control implementation oversight, assessment readiness, authorization support and continuous monitoring.
  • Hands-on familiarity with core cybersecurity toolsets including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
  • Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
  • Must be a US Citizen and have the ability to obtain and maintain favorable adjudication for a Tier-1 or a National Agency Check Investigation (NACI)

Nice To Haves

  • Experience leading or supporting NIST SP 800-53 Rev 5 control implementation and tailoring activities to align with system requirements preferred.
  • Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.

Responsibilities

  • Serve as the principal cybersecurity advisor to senior leadership, translating technical risk into mission and operational impact to support informed risk decisions.
  • Direct cybersecurity resource planning, backlog prioritization, and workforce alignment to ensure coverage for execution, continuous monitoring, and high-risk remediation.
  • Establish and oversee enterprise cybersecurity compliance, delegating execution to the ISSO and engineering staff while managing competing operational priorities.
  • Own the cybersecurity governance framework, approving policies, standards, and system boundary definitions aligned to DoD 8500-series and NIST SP 800-53 Rev. 5.
  • Provide strategic security architecture guidance to engineering and DevSecOps teams while enabling the team to focus on highest-risk activities.
  • Lead cybersecurity readiness for SCAs and A&A events, directing artifact preparation, managing team tasking, and representing the program during AO and assessor engagements.
  • Establish weekly prioritization cadence and backlog management to balance daily incident response with RMF sustainment activities.
  • Provide technical oversight and quality review of RMF artifacts, eMASS packages, and POA&M remediation plans.
  • Track and report enterprise cybersecurity KPIs including POA&M aging, vulnerability trends, and ATO sustainment health.

Benefits

  • Competitive health care plans with savings accounts
  • Dental and vision plans
  • 401k with 100% company match up to 6%, with immediate vesting on company match
  • Life and disability insurance
  • Learning Management System with robust offerings
  • Tuition Reimbursement Program
  • Flexible working arrangements where possible
  • 13 paid holidays per year
  • Veterans’ focused Employee Resources Group with regular educational sessions and communications
  • Leadership Development Program with multiple learning options