Information Systems Security Manager

About The Position

Requirements

• Five years of professional experience in DoD cybersecurity and compliance, managing security authorizations, conducting risk assessments, and maintaining cybersecurity bodies of evidence
• Certification as required by DoD 8140 (formerly DoD 8570) for ISSM role (e.g. Security+, CISSO, CCSP, CCISO, etc.)
• Demonstrated familiarity with NIST Risk Management Framework (RMF), NIST 800-53 security controls, DoD Instruction 8510.01, and EMASS processes
• Experience coordinating with Authorizing Officials, SCA/SCAR teams, program teams, engineers, and other stakeholders throughout the authorization process
• Familiarity with security and compliance scanning tools such as ACAS, Nessus, SCAP, etc.
• Proven ability to lead technical teams and manage complex compliance timelines
• Must be available to travel up to 40% of the time
• Currently hold or have the ability to obtain United States Secret security clearance

Nice To Haves

• Bachelor’s or higher degree in Cybersecurity, Information Assurance, or related technical field
• Additional advanced certifications such as CISM, CISSP, or GIAC GSLC
• Four or more years of experience as a lead ISSM, particularly in a prime contractor or program office role
• Deep knowledge of DoD cybersecurity policies including STIGs, SRGs, FIPS, Common Criteria, and NIAP validation standards
• Understanding of tactical network architectures, hardware security, and software supply chain security
• Experience with industry-standard project management, analytical, and documentation tools such as Microsoft Office/Project/Teams/Visio, Atlassian suite, and eMASS
• Experience with DevSecOps practices and security automation tools

Responsibilities

• Direct and manage all Authorization to Operate (ATO) and Risk Management Framework (RMF) compliance efforts for DoD systems
• Coordinate with and respond to the Authorizing Official (AO) office regarding ATO-specific items, timelines, and requirements
• Conduct comprehensive documentation audits and updates to ensure ATO/RMF compliance for regular authorization renewals
• Provide expert compliance and risk analysis inputs for proposed system changes, integrations, and technology insertions
• Compile comprehensive risk assessments and lead the submission of EMASS packages through authorization workflows
• Collaborate with cybersecurity engineers to ensure thorough, timely risk remediation
• Collaborate with network engineers, cybersecurity engineers, and Information Systems Security Officers (ISSOs) to ensure the currency and accuracy of system documentation
• Direct incident response exercises and vulnerability and compliance scanning activities at all levels of the system to reduce or eliminate active threats
• Maintain comprehensive understanding of system architecture, boundaries, and interconnections to support security assessment and authorization activities
• Ensure compliance with NIST 800-53 security controls, DoD cybersecurity policies, and applicable Security Technical Implementation Guides (STIGs)
• Lead continuous monitoring activities and manage Plan of Action and Milestones (POA&M) to maintain continuous authorization status

Benefits

• Persistent Systems, LLC offers a comprehensive benefits package including medical, dental, vision, life, and disability insurance; paid time off (sick time and vacation time); flexible spending accounts; 401(k) plan with company match; fitness membership reimbursement; tuition assistance; mental health benefits; and pet discounts.