Information Systems Security Manager (ISSM)

About The Position

Requirements

• Bachelor's degree in Computer Science/MIS-related area or equivalent work experience
• A minimum of 7 years of experience in planning and support of IT technology and/or security related systems
• A minimum of 2 years of leadership and management experience
• Experience and familiarity with cybersecurity related standards such as NIST 800-171; ISO27001/2
• Experience with cybersecurity system project design and implementation
• In-depth technical knowledge of security architectures, technologies, and best practices
• Ability to develop innovative approaches to problem solving
• Excellent client service and interpersonal skills
• Ability to communicate needs and new ideas with employees and management
• Ability to write technology evaluations and make recommendations to management
• Ability to work with vendors on service requests and other product issues
• Commitment to being an active participant in HDR employee-owned culture
• Experience in working with groups to establish priorities and manage expectations
• Self-starter, with the ability to handle multiple tasks and deadlines with minimal supervision
• Strong verbal and written communication skills
• Capable of performing tasks in a dynamic environment, many times working under tight delivery schedules

Nice To Haves

• Experience serving as an ISSM or Senior ISSO
• Strong working knowledge of NIST Risk Management Framework (RMF)
• Strong working knowledge of NIST SP 800-53 control families
• Experience with System Authorization (ATO) processes
• Experience with Continuous Monitoring and POA&M management
• Active or previously held U.S. security clearance (Secret or higher)
• Experience supporting DoD or DOE programs
• Familiarity with CMMC Level 2, ITAR, and CUI requirements
• Professional certifications such as CISSP, CISM, CAP, GSLC

Responsibilities

• Serve as the ISSM for assigned systems, overseeing compliance with NIST SP 800-53, RMF, and applicable federal security requirements
• Lead system authorization activities including SSP development, risk assessments, POA&M management, and ATO packages
• Ensure continuous monitoring programs are implemented and maintained
• Oversee security architecture, boundary definitions, and system interconnections
• Validate that security controls are properly implemented and operating as intended
• Coordinate vulnerability management, incident response, and remediation activities
• Serve as the primary security advisor to program leadership and system owners
• Interface with government customers, assessors, and authorizing officials
• Support audits, assessments, and external reviews (e.g., DCSA, customer audits)
• Contribute to the development and refinement of HDR information security policies and procedures
• Support workforce training and awareness related to system security responsibilities
• Mentor ISSOs and technical staff on RMF and compliance best practices