About The Position

As a technical, hands-on ISSM, you will serve as a key contributor to the program’s cybersecurity and risk management posture, supporting all aspects of Information Assurance (IA) and Risk Management Framework (RMF) activities for complex Navy information systems. You will work closely with engineers, system owners, and government stakeholders to develop, document, and maintain security controls and accreditation artifacts; evaluate and recommend security solutions; and help maintain an effective security posture throughout the system lifecycle. On a day‑to‑day basis, you will perform security control assessments, support Assessment & Authorization (A&A) activities, leverage enterprise IA tools such as eMASS and ACAS, and help ensure compliance with DoD and Navy cybersecurity policies and processes. This role is ideal for a seasoned cybersecurity professional who enjoys combining technical, analytical, and documentation skills to protect critical mission systems.

Requirements

  • More than five (5) years (with degree or 7+ without) of practical experience in a Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A, formerly C&A) related field.
  • Working knowledge of the Risk Management Framework (RMF) process and prior experience with DIACAP or similar legacy processes.
  • Experience supporting C&A/A&A activities, including the development and maintenance of IA/security documentation (e.g., SSPs, POA&Ms, test plans, and assessment reports).
  • Experience with Information Assurance tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS).
  • Demonstrated ability to evaluate security solutions and technical implementations to ensure they meet security requirements for systems processing up to classified information.
  • Experience supporting or performing security control assessment activities in coordination with SCAs, system owners, and engineering teams.
  • Strong understanding of DoD and/or Navy cybersecurity policies, directives, and guidance, and how they are applied to real systems and programs.
  • Ability to communicate effectively with technical and non‑technical stakeholders, clearly articulating risks, findings, and recommended mitigations.

Nice To Haves

  • Experience serving as a Security Control Assessor (SCA) or holding a Full Security Control Assessor qualification.
  • Experience supporting Navy or other DoW programs through full lifecycle RMF activities from initial accreditation through continuous monitoring.
  • Hands‑on experience with vulnerability management, patch management, and remediation tracking in operational environments.
  • Experience supporting cybersecurity in conjunction with system engineering and T&E activities (e.g., test planning, execution, and reporting for security controls).
  • Familiarity with secure architecture and design principles, including network segmentation, boundary protection, and defense‑in‑depth.
  • Relevant cybersecurity certifications (e.g., Security+, CISSP, CAP, CISM, or similar).

Responsibilities

  • Support all aspects of program Information Assurance (IA) and cybersecurity processes, tailored to the system and mission, under Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) frameworks.
  • Apply working knowledge of the Risk Management Framework (RMF)—and, where applicable, legacy DIACAP processes—to support security categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities.
  • Assist with the preparation, review, and maintenance of security documentation and process artifacts (e.g., SSPs, POA&Ms, security control traceability, test results) required to obtain and maintain an Authority to Operate (ATO).
  • Evaluate security solutions and technical implementations to ensure they meet security requirements for processing up to classified information in accordance with applicable DoW and Navy policies and guidance.
  • Support, maintain, and in some cases supervise the operational security posture for assigned information systems or programs, including monitoring, vulnerability management, and remediation coordination.
  • Utilize IA and cybersecurity tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS) to document, track, and report on security control implementation and system risk.
  • Coordinate with system engineers, test and evaluation (T&E) teams, and Security Control Assessor (SCA) representatives to plan, execute, and document security testing and assessments.
  • For more senior responsibilities, assist in the development and refinement of system security policies and ensure compliance with change management and configuration management processes.
  • Plan and coordinate IT security program activities and policies in support of command leadership mission and goals, providing recommendations to improve the overall cybersecurity posture.

Benefits

  • We recruit, retain, and foster a team motivated to pursue passions, investigate new ways of doing things, and embody an innovative and entrepreneurial spirit.
  • We believe in being curious about every element of a problem and experiment relentlessly.
  • We foster continuous learning in an environment that encourages positive collaboration and expands our capabilities.
  • We tap into collective intelligence, acknowledging that the most brilliant people may not be in the room.
  • Above all else, we believe that delivering and demonstrating is more potent than a sheet of paper.
  • We are passionate about mission-centric design and delivering effective capabilities to and for the warfighter.
  • PMAT is an equal-opportunity employer.
  • We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture.
  • We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.