Information System Security Manager (ISSO)

About The Position

Requirements

• Bachelor’s degree in cybersecurity, information assurance, computer science, or a related field, with 5–8 years of experience in cybersecurity, information system security, or ISSO-related roles.
• Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are strongly preferred.
• Demonstrated experience working within the Risk Management Framework (RMF), including control implementation, assessment, and authorization processes.
• Proficiency with key tools and platforms, including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
• Hands-on experience leading or supporting NIST SP 800-53 Rev 5 control implementation and tailoring activities to align with system requirements.
• Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
• Must be a US Citizen and have the ability to obtain and maintain favorable adjudication for a Tier-1 or a National Agency Check Investigation (NACI)

Nice To Haves

• In-depth knowledge of eMASS package creation and lifecycle management, from system inception through decommissioning, is highly desirable.
• Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.
• Understanding of mobile system accreditation processes, including policies and compliance requirements, is a plus.
• Experience working with Computer-Aided Dispatch (CAD) systems or other mission critical operational technologies is a plus.

Responsibilities

• Ensure that systems comply with DoD 8500-series directives, NIST SP 800-53 controls, and other applicable federal security requirements.
• Monitor and enforce compliance with established security methodologies across all phases of system operations.
• Create and maintain comprehensive policies and procedures that detail security controls and system boundaries.
• Identify, document, and manage system vulnerabilities and mitigation strategies in POA&Ms.
• Act as a liaison between cybersecurity and technical teams to interpret and implement security controls effectively.
• Support engineering teams in ensuring that security requirements are appropriately addressed throughout the system lifecycle.
• Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and other key personnel throughout the Assessment and Authorization (A&A) process.
• Participate in Security Control Assessments (SCAs), accreditation meetings, and compliance briefings.
• Prepare and submit required security documentation and artifacts for internal and external audits.
• On-call Support and Maintenance: Periodically, provide after-hours emergency support.
• Perform other tasks as directed.

Benefits

• Competitive health care plans with savings accounts
• Dental and vision plans
• 401k with 100% company match up to 6%, with immediate vesting on company match
• Life and disability insurance
• Learning Management System with robust offerings
• Tuition Reimbursement Program
• Flexible working arrangements where possible
• 13 paid holidays per year
• Veterans’ focused Employee Resources Group with regular educational sessions and communications
• Leadership Development Program with multiple learning options