Information Systems Security Manager

NTT DATA, Washington, DC

About The Position

The Information Systems Security Manager (ISSM) is responsible for managing the security posture of an organization’s information systems, applications, and enclaves throughout their lifecycle. They oversee security compliance, risk management, and policy implementation, often serving as the primary advisor to senior management on security issues involving NIST, FISMA, FedRAMP, DIACAP, and RMF. The ISSM supports authorization and assessment activities, maintains continuous monitoring programs, and responds to incidents to safeguard the confidentiality, integrity, and availability of systems and data. Lastly, the ISSM will help manage the day-to-day activities of various Information Systems Security personnel (ISSO, ISSE, etc.).

Serving as the principal advisor to the Information System Owner (ISO) and the Chief Information Security Officer (CISO), the ISSM provides subject matter expertise and management on all security matters related to assigned systems. This includes supporting the development and maintenance of security documentation, coordinating with technical staff and external partners, and ensuring that security controls remain effective throughout the system lifecycle. The ISSM plays a central role in authorization activities, whether performing them directly or managing them, ensuring that information systems remain compliant, resilient, and aligned with federal and agency policy.

Requirements

  • Master's degree in IT, Cybersecurity, Data Science, Information Systems, or Computer Science.
  • One-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program.
  • Minimum 10 years of experience as an Information Systems Security Officer (ISSO).
  • Minimum 4 years of experience managing the day-to-day tasks of ISSOs, ISSEs, or other cybersecurity personnel.
  • A minimum of one (1) DoD 8140 certification or the ability to obtain a certification within six (6) months of onboarding which may include one or more of the following: SASP, SSCP, CCISO, CCSP, CISSP-ISSMP, CGRC/CAP, CISM, CompTIA: Cloud+, Security+ CE, Security X, FITSP-M, SANS: GCIA, GCIH, GCSA, GICSP, CSEC, and/or GSLC
  • A project management professional (PMP) certification or other project management certification demonstrating management competence.
  • Active Secret security clearance with ability to obtain Top Secret security clearance.

Responsibilities

  • Risk Management Framework (RMF): Develops and maintains security authorization documentation for systems.
  • Security Policies: Defines, implements, and enforces security policies, procedures, and standards.
  • Compliance Monitoring: Performs regular audits, vulnerability assessments, and continuous monitoring to maintain security compliance.
  • Incident Response: Coordinates security incidents, investigates violations, and implements corrective actions.
  • Training & Awareness: Provides cybersecurity training to system users and mentorship to junior security staff.
  • Strategic Planning: Advises senior management on security strategies and technical requirements.