Information System Security Manager (ISSM)

About The Position

Requirements

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: 4C‑FA26A; M09CHN1; A‑531‑0009; Information Systems Security Manager (Advanced) Playlist); OR Relevant professional certification or equivalent experience (examples: CISM, CISSP, CISSP‑ISSMP, FITSP‑M, GCIA, GCIH, GICSP, GSLC).
• Cybersecurity experience with ISSM/ISSO or senior security leadership roles supporting DoD or large enterprise environments.
• Deep knowledge of RMF/ATO lifecycle, NIST SP 800‑53 control families, FISMA, DISA STIGs/SRGs, continuous monitoring, and eMASS/RMF evidence workflows.
• Proven ability to produce and approve authorization artifacts (SSP, SAR, POA&M), manage accreditation timelines, and brief senior leadership on security posture and residual risk.
• Strong incident coordination experience, understanding of chain‑of‑custody, reporting channels, and coordination with higher authorities (ARCYBER/USCYBERCOM).
• Excellent stakeholder engagement, governance facilitation, and mentoring skills for security teams.

Nice To Haves

• Prior ARNG/DoD ISSM experience and familiarity with enterprise security strategy/planning (CsMP).
• Experience integrating security with DevSecOps, cloud authorization, and cross‑domain solutions.
• Advanced certifications (CISM, CISSP‑ISSMP, FITSP‑M) and demonstrated track record managing complex authorization packages and inspection readiness.

Responsibilities

• Oversee cybersecurity posture for multiple systems or an enterprise segment as the ISSM, directing ISSOs and technical teams in implementing RMF, FISMA, and DoD/Army policies.
• Define security strategies, risk tolerance application, and controls implementation approaches aligned with the Cybersecurity Strategy Plan, CsMP, and RMF Plan.
• Review and approve ISS documents, system security plans (SSPs), POA&Ms, incident response plans (IRPs), and compliance reports; brief leadership on risk, accreditation timelines, and inspection readiness.
• Coordinate with ARNG, RCC‑ARNG, ARCYBER, USCYBERCOM, and other authorities on significant issues, incident reporting, and enterprise‑wide process improvements.
• Provide authoritative guidance on control implementation, continuous monitoring, configuration management, and evidence collection for authorization packages.
• Lead security risk assessments, vulnerability remediation prioritization, and validation of mitigation effectiveness across assigned systems.
• Manage security governance activities, training/awareness for security personnel, and oversight of security operations supporting accreditation and audits.
• Drive improvements to security processes, produce decision‑grade security artifacts, and mentor ISSO/technical staff.