Information System Security Manager (ISSM)

Stark Aerospace, Columbus, MS
4d

About The Position

Key Responsibilities

Security Management & Governance: Serve as the primary authority for information system security across enterprise and program-level systems. Develop, implement, and maintain system security policies, procedures, and standards in alignment with NIST SP 800-53, RMF, DoDI 8510.01, and applicable contract requirements. Oversee Authority to Operate (ATO) processes, including preparation, submission, and maintenance of RMF packages. Ensure continuous monitoring, risk assessment, and remediation of security vulnerabilities.

Program & System Oversight: Manage systems supporting DoD and federal programs. Coordinate security activities with IT Administration, Security Contractors, system owners, and program managers. Review system designs, architectures, and changes to ensure security requirements are met throughout the system lifecycle. Approve security-relevant changes and assess impact to system accreditation.

Compliance & Audits: Lead internal and external security audits, inspections, and assessments (e.g., DSS/DSCA, customer, internal). Ensure compliance with DFARS 252.204-7012, CMMC (current level as applicable), and other contractual cybersecurity requirements. Track and report Plan of Action & Milestones (POA&M) and risk posture to leadership and government stakeholders.

Incident Response & Risk Management: Oversee cybersecurity incident response activities, including investigation, reporting, and corrective actions. Conduct risk assessments and recommend mitigation strategies to reduce cyber risk. Ensure timely vulnerability management, patching, and configuration compliance.

Leadership & Collaboration: Provide mentorship and guidance to IT administrators and cybersecurity staff. Partner with IT administrators, engineering, and network teams to implement secure solutions that support business and mission objectives. Brief executive leadership on security posture and risk.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field (or equivalent experience).
  • 8+ years of experience in information security, with at least 3–5 years in an ISSM or senior cybersecurity leadership role.
  • Hands-on experience with RMF, NIST SP 800-53, and DoD accreditation processes.
  • Strong understanding of Windows systems, networks, and enterprise IT security controls.
  • Excellent written and verbal communication skills, including experience interfacing with government customers.

Nice To Haves

  • CISSP, CISM, or similar DoD 8570/8140-compliant certification.
  • Experience in a prime defense contractor environment.
  • Familiarity with CMMC implementation and assessments.
  • Experience managing cybersecurity for multiple concurrent programs.
  • Master’s degree in a related discipline.

Responsibilities

  • Serve as the primary authority for information system security across enterprise and program-level systems.
  • Develop, implement, and maintain system security policies, procedures, and standards in alignment with NIST SP 800-53, RMF, DoDI 8510.01, and applicable contract requirements.
  • Oversee Authority to Operate (ATO) processes, including preparation, submission, and maintenance of RMF packages.
  • Ensure continuous monitoring, risk assessment, and remediation of security vulnerabilities.
  • Manage systems supporting DoD and federal programs.
  • Coordinate security activities with IT Administration, Security Contractors, system owners, and program managers.
  • Review system designs, architectures, and changes to ensure security requirements are met throughout the system lifecycle.
  • Approve security-relevant changes and assess impact to system accreditation.
  • Lead internal and external security audits, inspections, and assessments (e.g., DSS/DSCA, customer, internal).
  • Ensure compliance with DFARS 252.204-7012, CMMC (current level as applicable), and other contractual cybersecurity requirements.
  • Track and report Plan of Action & Milestones (POA&M) and risk posture to leadership and government stakeholders.
  • Oversee cybersecurity incident response activities, including investigation, reporting, and corrective actions.
  • Conduct risk assessments and recommend mitigation strategies to reduce cyber risk.
  • Ensure timely vulnerability management, patching, and configuration compliance.
  • Provide mentorship and guidance to IT administrators and cybersecurity staff.
  • Partner with IT administrators, engineering, and network teams to implement secure solutions that support business and mission objectives.
  • Brief executive leadership on security posture and risk.