Information Systems Security Manager

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical discipline. Equivalent experience considered in lieu of degree.
• 8+ years of experience in information security with a minimum of 4 years serving in an ISSM or senior ISSO role on classified U.S. Government programs.
• Demonstrated experience managing RMF-based ATOs for classified systems (Secret, Top Secret, TS/SCI) under ICD 503, JSIG, or DAAPM.
• Experience with ACAS/Nessus, SCAP tools, and security technical implementation guidance (STIGs).
• Hands-on experience with Windows Server, RHEL/CentOS, VMware, and network security architectures.
• IAM Level III certification required: CISSP, CISM, or GSLC (IAW DoD 8570.01-M / DoD 8140).
• Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment.

Nice To Haves

• Active TS.
• Experience with Special Access Programs (SAPs), Sensitive Compartmented Information Facilities (SCIFs), or Special Access Facilities (SAFs).
• Familiarity with Cross Domain Solutions (CDS), multi-level security architectures, or Type 1 encryption devices.
• Knowledge of CMMC Level 2/3 requirements and their intersection with classified program requirements.
• Experience with cloud security (AWS GovCloud, Azure Government) within classified or CUI environments.
• Prior experience working with DCSA, NSA, DIA, or Air Force ISSM community personnel.
• Additional certifications: CAP, Security+, CASP+, CEH, or equivalent.

Responsibilities

• Develop, maintain, and submit system Security Authorization Packages in accordance with NIST SP 800-37 RMF, ICD 503, JSIG, and DAAPM frameworks.
• Manage the full lifecycle of ATOs including continuous monitoring, annual reviews, and Plan of Action & Milestones (POA&Ms).
• Serve as the primary liaison to government AO/ISSM/ISSO community for all classified system authorization activities.
• Ensure compliance with DCSA, DSS, and applicable IC community security policies across all assigned programs.
• Conduct and review security assessments, risk analyses, and vulnerability scans (Nessus, ACAS, SCAP) to identify and remediate risks.
• Develop and maintain System Security Plans (SSPs), Security Concept of Operations (CONOPS), hardware/software baseline documentation, and interconnection agreements.
• Evaluate proposed changes to hardware, software, and firmware for security impact; approve or reject changes in accordance with the Configuration Management (CM) process.
• Oversee implementation and validation of STIG/SRG hardening requirements across Windows, Linux, and network infrastructure.
• Supervise and mentor ISSOs supporting assigned programs; provide guidance and review of ISSO-generated artifacts.
• Conduct security briefings, annual refresher training, and onboarding education for cleared program personnel.
• Investigate and report security incidents, anomalies, and potential compromise events in accordance with reporting requirements.
• Support program proposal activities including security cost estimates, security architecture inputs, and DD254 reviews.
• Implement and oversee continuous monitoring strategies including log management, audit trail reviews, and SIEM integration.
• Conduct periodic self-inspections, security reviews, and audit activities; track findings to closure.
• Coordinate with Facilities Security Officers (FSOs) and Physical Security personnel to ensure integrated program protection.

Benefits

• Medical, dental, and vision benefits 100% paid for by the company
• 401k (+ 50% company match up to 6% of pay)
• FSA
• HSA
• life insurance
• Competitive base salaries
• generous pre-IPO stock option grants
• relocation assistance
• annual bonuses