Information Systems Security Manager - ISSM (hybrid)

Ishpi Information Technologies, Inc
Philadelphia, PA
Hybrid

About The Position

ISHPI Information Technologies, Inc. (DBA ISHPI) is dedicated to delivering technical solutions that meet our customers' business needs. Through collaborative interactions with customers, team members, subject matter experts (SMEs), technical leaders, and partners, we design practical solutions that solve real problems for major government and business organizations. As a member of our group, you will collaborate with a team dedicated to delivering innovative business solutions that leverage emerging technologies through proven, successful methods.

Requirements

  • Bachelor's degree in Computer, Electrical, or Electronics Engineering or Mathematics from an accredited university; OR CNSSI 4012 or 4013 or 4014 or 4015 or 4016 Certificate OR NDU CISO certificate OR successful completion of at least one of the following military training courses: NEC 2780 (CIN: A-531-0022) or 2779 (CIN: A-531-0009) or 2781 (CIN: A-531-0045) (or DoD Service equivalent).
  • Three (3) to five (5) years of related experience required.
  • Demonstrated experience supporting Authority to Operate (ATO) maintenance through Continuous Monitoring (CM) activities in accordance with DoD, Navy, and NAVSEA RMF policies.
  • Hands-on experience assessing, documenting, and validating NIST SP 800-53 security controls within DoD or Navy environments.
  • Proven ability to perform system-level continuous monitoring (SLCM) aligned with approved System Security Plans (SSPs).
  • Experience managing and maintaining complete RMF packages throughout the system lifecycle.
  • Practical experience using DoD-approved vulnerability assessment tools, including: Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Evaluate-STIG, eMASSter.
  • Advanced experience working within Enterprise Mission Assurance Support Service (eMASS), including: SSP development and maintenance, Control implementation and inheritance, Plans of Action and Milestones (POA&M) tracking and updates.
  • Proven ability to identify, evaluate, remediate, and mitigate both technical and non-technical vulnerabilities.
  • Experience analyzing scan results, risk ratings, and compliance gaps, and providing actionable remediation recommendations.
  • Ability to coordinate with system owners, engineers, and stakeholders to resolve findings.
  • Experience supporting and conducting annual security reviews in accordance with the RMF Process Guide (RPG), NAVSEA Business Rules, and NAVSEA SOPs.
  • Demonstrated knowledge of Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO) processes.
  • Experience documenting, assessing, and obtaining approvals for system changes within RMF and NAVSEA governance frameworks.
  • Experience developing and maintaining Integrated Master Schedules (IMS) for RMF and cybersecurity-related projects.
  • Strong ability to produce clear, precise security documentation suitable for audits, inspections, and authorization decisions.
  • Ability to track milestones, deliverables, and compliance timelines across multiple systems or projects.
  • Strong analytical and problem-solving skills with a risk-based approach to cybersecurity.
  • Ability to work independently while collaborating effectively across technical and non-technical teams.
  • Strong written and verbal communication skills, particularly in communicating security risk and compliance status to leadership.
  • Ability to obtain and maintain one of the following certifications: CCNA-Security, CySA+, Security+ CE, GICSP, GSEC, CND or SSCP.
  • Requires U.S. Citizenship and an active government security clearance.

Nice To Haves

  • A degree concentration in computer science is highly desired.
  • Active related certification preferred.

Responsibilities

  • Maintain AO Approvals and Authorizations to Operate (ATOs) by performing Continuous Monitoring (CM) activities IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
  • Assess, document, and review NIST SP 800-53 security controls IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
  • Perform automated vulnerability assessments utilizing DoD, Navy, and NAVSEA approved tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Evaluate-STIG, and eMASSter.
  • Perform annual security reviews IAW the RMF Process Guide (RPG), NAVSEA Business Rules, and NAVSEA Standard Operating Procedures (SOPs).
  • Document, assess, and seek approval for system changes IAW Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO) guides as documented in the NAVSEA Business Rules.
  • Manage and maintain RMF packages in Enterprise Mission Assurance Support Service (eMASS) IAW DoD, Navy, and NAVSEA policy, guidelines, and directives.
  • Perform System Level Continuous Monitoring (SLCM) IAW approved System Security Plans (SSPs) in eMASS.
  • Maintain eMASS Plans of Action and Milestones (POA&M).
  • Develop and maintain project integrated master schedules for RMF projects.
  • Evaluate, remediate, and mitigate technical and non-technical vulnerabilities.