About The Position

Purpose and Scope: The Information Security Manager serves as the strategic lead for the Cybersecurity Team, bridging organizational objectives with technical execution. This role is responsible for coordinating the resources, talent, and security strategy required to protect the hybrid ecosystem, including Cloud, IT, and Operational Technology (OT) environments. The position functions as a key advisor to NASA stakeholders, ensuring that the organization’s security posture remains resilient, compliant, and aligned with modern Zero Trust principles.

Requirements

  • BS/BA in Computer Science or Information Systems. Equivalent experience may be substituted for the degree.
  • Minimum 10+ years of cybersecurity experience as an ISSO or ISM.
  • Active Security+ required.
  • Experience with NIST/FISMA frameworks and the RMF process.
  • Understanding of hybrid environments (Cloud/On-prem) and the unique security requirements of OT/Industrial Control Systems.
  • Proven ability to translate complex technical risks into actionable business language for non-technical stakeholders.
  • Must be a U.S. citizen and able to obtain and maintain required clearances/badges as required by program and position.
  • Must be able to communicate effectively in English, both verbally and in writing.
  • Must have and maintain a valid driver’s license.

Nice To Haves

  • CISSP, CCSP (Certified Cloud Security Professional), CISM, or CCISO certifications are highly preferred.

Responsibilities

  • Lead the transition toward a Zero Trust Architecture (ZTA), focusing on identity-centric security, least-privileged access, and continuous verification across all networks.
  • Manage security requirements for Cloud and hybrid deployments, ensuring controls are integrated into the broader security strategy.
  • Manage and report on critical contract performance metrics, ensuring all deliverables meet or exceed stakeholder expectations.
  • Advise senior leadership on evolving risk levels, providing data-driven insights to inform mission-critical decisions.
  • Lead the end-to-end A&A process to obtain and sustain Authorization to Operate (ATO).
  • Ensure all artifacts within the NASA Information Security Management System are accurate and audit-ready.
  • Oversee the implementation of NIST-based technical and operational controls.
  • Track audit findings and drive the closure of Plan of Action and Milestones (POA&Ms).
  • Champion security awareness across the organization, ensuring both general and privileged users are equipped to defend against modern threats and malicious code.
  • Develop and maintain required system plans and policies: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP).
  • Prepare and review documentation, including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Interconnection Agreements.
  • Knowledge of supply chain security and supply chain risk management policies, requirements, and procedures.
  • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • On occasion, work extended hours (outside normal business hours) to support contractual requirements and meet customer needs.

Benefits

  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance