Information Systems Security Manager (ISSM)

About The Position

Requirements

• US Citizenship and Possess an Active TS/SCI Clearance.
• In compliance with DoD Cyber Workforce 8570.01
• Experience applying abstract security requirements, including NIST 800-53 version 5 controls to information systems.
• Experience in an advisory environment and communicating technical subjects to clients.
• Knowledge of supporting the development or modification of System Security Plans, security requirements, and supporting documentation for the Assessment and Authorization process.
• Ability to ensure all products and administrative documentation is completed and maintained, including continuity and historical reference, and design, develop, and implement network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Must meet position and certification requirements outlined in DoD Directive 8570.01 / 8140 for Information Assurance Management Level 2 or 3 (IAM Level II / III).
• 5+ years of experience leading and implementing the Assessment and Authorization process under Risk Management Framework for new and existing information systems.
• 4+ years of experience reviewing assessment reports and assisting projects in identifying security risks, including technical and non-technical, and developing effective mitigation strategies, including Plan of Action and Milestones.

Nice To Haves

• Familiar with DIA assessments and accreditation documentation within the XACTA management platform.
• Familiar with eMASS - ENTERPRISE MISSION ASSURANCE SUPPORT SERVICES platform.
• Excellent interpersonal skills, including the ability to work on multi-functional teams.
• Display detailed knowledge and understanding of multiple technology infrastructures.
• Ability to serve as a principal advisor on all matters, technical and otherwise, involving the security of an IS.
• Exhibit individual initiative to influence events and achieve goals.
• Be proactive and a self-starter, going beyond specific job responsibilities to ensure goals are achieved or exceeded.

Responsibilities

• Leads the development, implementation, and sustainment of the organization’s cybersecurity program in accordance with NIST SP 800-53, and RMF guidance.
• Oversees continuous monitoring, vulnerability management, and cybersecurity inspections.
• Coordinates with Command leadership CIO/CDAO/CISO offices, and external stakeholders to ensure alignment with enterprise cybersecurity strategy.
• Manages cybersecurity workforce roles in accordance with DoD 8140/8570 requirements.
• Supervises ISSOs and contractors, provides technical direction.
• Ensures consistent implementation of cybersecurity policies, RMF requirements, and security controls across all supported systems.
• Serves as Deputy RMF Supervisor for all assigned information systems.
• Oversees system categorization, control selection, implementation, assessments, and authorization package development.
• Ensures timely submission and maintenance of system Security Plans (SSPs) POA&Ms, Security Assessment Reports (SARs), and other RMF artifacts.
• Coordinates with the Authorizing Official (AO), Security Control Assessor (SCA), and system owners to achieve and maintain Authorization to Operate (ATO).
• Ensures continuous monitoring activities are executed and documented.
• Oversees vulnerability scanning, STIG compliance, patch management, and security tool deployment (e.g., ACAS, HBSS/ESS, EDR).
• Provides cybersecurity training, awareness, and guidance to system owners, administrators and users.
• Prepares for and supports cybersecurity inspections, audits, and readiness assessments (e.g., CORA, IG and JCIP inspections).
• Represents the organization at cybersecurity working groups, technical exchanges and governance boards.
• Supervises ISSOs and contractors, provides technical direction.
• Ensures consistent implementation of cybersecurity policies, RMF requirements, and security controls across all supported systems.
• Mentors junior ISSOs, system administrators, and mission partners on RMF processes and best practices.
• Supports cyber assessments, inspections, red/blue team activities, and incident response planning.
• Conducts audits to identify how well controls are delivered/supported and potential opportunities for improvement with stakeholders.
• Provides reports, briefs, and POAM creation for findings.
• Ability to read, review, and consolidate ACAS scans, DISA STIGS, and Information Assurance Vulnerability Management (IAVM) results.
• Travel as necessary for customer projects, technology expositions, and corporate meetings.

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance