Information System Security Manager/Officer (ISSM/O)

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
• Minimum 5-7 years’ experience in information security and risk management
• Extensive experience with DoD RMF processes and NIST cybersecurity frameworks
• Experience with both classified and unclassified system authorization processes
• Current DoD 8140.01 certification appropriate for ISSM/O role (typically IAM Level II or III)
• RMF-specific training and certification
• Continuous education to maintain certification currency
• Must possess or be able to obtain and maintain a Top-Secret security clearance
• Deep understanding of NIST RMF process and NIST SP 800-53 security controls
• Proficiency with security assessment and authorization tools
• Knowledge of vulnerability management and remediation processes
• Experience with security control assessment and testing methodologies
• Understanding of continuous monitoring technologies and processes
• Thorough knowledge of DoD, Air Force, and AFRL cybersecurity policies
• Understanding of FedRAMP, FISMA, and other federal security requirements
• Familiarity with multi-service (Army, Navy, Air Force) cybersecurity requirements
• Knowledge of privacy and data protection regulations
• Excellent written and verbal communication skills for technical and non-technical audiences
• Ability to effectively communicate security posture, risks, and RMF progress
• Strong collaboration skills for working with diverse stakeholders
• Leadership capabilities for organizing and conducting team meetings
• Ability to translate complex security requirements into actionable plans
• Achieve system authorizations within agreed-upon reasonable timelines
• Maintain 100% compliance with applicable security policies and directives
• Provide complete and accurate security documentation meeting all requirements
• Effectively support incident response activities when required
• Successfully implement and maintain continuous monitoring processes
• Position may require support across multiple AO boundaries based on program evolution
• Must be adaptable to changing cybersecurity landscape and emerging threats
• Requires coordination with sustainment teams for seamless system transitions
• May need to support complex systems requiring extensive documentation or remediation with adjusted timelines

Nice To Haves

• CISSP, CISA, or equivalent advanced cybersecurity certification preferred
• Preference will be given to those with a current Top-Secret clearance

Responsibilities

• Manage RMF processes to achieve system authorization primarily within S&T AO boundary
• Develop proactive planning strategies and efficient documentation processes
• Coordinate closely with system owners, authorizing officials, SCAs, and SCARs
• Develop and submit complete and accurate RMF packages that meet all applicable requirements
• Achieve Authority to Operate (ATO) or Interim Authority to Test and Evaluate (IATT) within reasonable timelines established with Government
• Implement and maintain security controls aligned with sustainment requirements
• Develop and update System Security Plans (SSPs) and control family plans
• Create and maintain directorate cybersecurity policies
• Remediate vulnerabilities identified by SCAs/SCARs within established timelines
• Ensure Continuous Monitoring (ConMon) compliance
• Facilitate smooth transition to sustainment ownership and operation
• Support risk management activities by providing documentation to SCAs/SCARs
• Develop and maintain risk management plans in coordination with assessment teams
• Serve as cybersecurity liaison between project teams and AO boundary representatives
• Assist project teams in creating and submitting RMF packages
• Support SCAs/SCARs with technical questions and documentation requirements
• Prepare and maintain required security documentation (SSPs, POA&Ms, etc.)
• Ensure documentation accuracy and compliance with applicable regulations
• Maintain version control processes and change management procedures
• Develop security-relevant documentation for future sustainment teams
• Create clear and complete documentation for system transitions
• Maintain current awareness of cybersecurity threats and vulnerabilities
• Ensure compliance with DoD, Air Force, and local security policies and directives
• Stay current on security guidance and ensure system compliance
• Monitor and report on ongoing compliance activities
• Support incident response activities including investigation, containment, eradication, and recovery
• Document incident response processes and procedures for sustainment
• Maintain familiarity with existing Incident Response Plans (IRP) for supported systems
• Provide effective and efficient incident response support
• Implement and maintain continuous monitoring processes for ongoing security compliance
• Design monitoring processes for sustainable execution after transition to sustainment
• Develop and implement monitoring strategies
• Analyze security logs and report on security status
• Create sustainable monitoring frameworks for long-term system operation
• Support implementation of new security technologies and processes
• Assist with security awareness training programs
• Participate in security audits and assessments
• Support development of security-related standard operating procedures
• Attend regular cybersecurity meetings (weekly, monthly, quarterly)
• Organize cybersecurity-focused team meetings for RMF activities

Benefits

• health, dental and vision insurance
• 401K with company matching
• flexible spending accounts
• paid holidays
• three weeks paid time off