Information Systems Security Manager / Officer (ISSM / ISSO)

About The Position

Requirements

• A minimum of 8 years of overall experience, with at least 4 years of specialized experience in:
• Defining computer security requirements for high-level applications
• Evaluating approved security product capabilities
• Identifying and resolving computer security issues
• Extensive experience with the Risk Management Framework (RMF) and hands-on use of eMASS & XACTA
• Proven ability to review and analyze Assured Compliance Assessment Solution (ACAS) vulnerability scan results, validate findings, and support remediation efforts
• Proficiency with Security Technical Implementation Guides (STIGs) and associated automation tools such as: SCAP STIG Viewer eMASSter
• Strong technical foundation with familiarity in:
• Virtualization technologies
• Basic networking concepts
• Cloud architecture and implementation
• Industry cybersecurity best practices
• Expert-level knowledge of cybersecurity principles, tools, and practices
• In-depth understanding of Federal and DoD cybersecurity regulations and policies
• US Citizenship Required
• DoDD 8570.01M Information Assurance Manager level III baseline certification required.
• TESA eligibility/certification required.
• Clearance: Top Secret

Responsibilities

• Manage the secure development and authorization of new USAFE-AFAFRICA systems, from inception to full operational capability, leveraging NIST security frameworks.
• Serve as the primary cybersecurity point of contact for USAFE-AFAFRICA systems, ensuring compliance with security policies, procedures, and regulations while providing timely updates on threats, risks, and authorization status to stakeholders.
• Perform all necessary procedures to protect information system assets, including overseeing the accreditation and certification of USAFE-AFAFRICA systems in accordance with DoD, Intelligence Community, and agency-specific requirements.
• Prepare and submit System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and risk assessment documentation; collaborate with Authorizing Officials (AOs) to achieve and maintain Authorization to Operate (ATO) status.
• Conduct regular reviews of DISA STIGs, analyze ACAS vulnerability scans, and provide remediation feedback to maintain compliance and support continuous monitoring under RMF.
• Develop and recommend policies and procedures to ensure information system reliability, availability, and security; perform security evaluations, audits, and reviews to identify vulnerabilities and mitigate risks.
• Create and maintain RMF control family documentation and ensure adherence to established procedures.
• Recommend and implement training programs to educate users on cybersecurity policies and procedures; participate in network and system design to ensure appropriate security controls are integrated from the start.
• Ensure the rigorous application of information security policies, principles, and practices across all IT services.
• Perform ISSM duties as defined in AFMAN 17-101 and DoDI 8510.01 for assigned systems and applications.
• Stay current with applicable DoD and NIST RMF publications, including NIST 800-53, 800-60, 800-37, and DoDI 8540.01.

Benefits

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays