ISSM

About The Position

Requirements

• 5+ years of experience in Information Security planning, including artifact creation, documentation, and policy development.
• Prior performance in roles such as ISSO, ISSM, ISSP, or Auditor.
• 4+ years in a Security Analyst or similar role, with hands-on exposure to security operations.
• 4+ years of systems administration or other practical IT experience.
• DoD 8570 IAM Level I or higher certification (e.g., Security+, CAP, GSLC).
• Proven ability to perform, and support internal and external security audits.
• Strong proficiency in reading, writing, comprehension, typing, and working with office/web applications.

Nice To Haves

• Experience with eMASS for managing security authorization packages and compliance documentation.
• Bachelor’s Degree a Plus, in related field (Computer Science / Cybersecurity / Computer Information Systems, etc.)

Responsibilities

• Performing audits and assessments of internal information systems to ensure integrity and compliance.
• Challenging the status quo and championing security best practices across the organization.
• Investigate security alerts, coordinate vulnerability assessments, and validate configuration compliance across enterprise systems.
• Developing, updating, and maintaining security documentation including policies, System Security Plans (SSP), SOPs, POA&Ms, system diagrams, and related compliance documentation supporting regulatory & certification requirements that align with frameworks such as RMF, NIST 800-171, CMMC, ISO 27001, and UK Cyber Essentials.
• Coordinating and supporting third-party audits and certification activities in partnership with IT and oversight teams. Track remediation activities and ensure closure of security findings.
• Driving consistent maintenance rhythms and enforcing standards for IT system health and security.
• Work closely with IT manager, and provide guidance to IT on secure provisioning, configuration baselines, patching, backups, and system hardening for Windows and Linux environments.
• Provide security guidance and recommendations to leadership on risk decisions, system changes, and security priorities across the organization.
• Assist in the selection and distribution of employee directed training modules for annual security, insider threat, and cyber training program, ensuring completion across the organization.
• Provide cyber security guidance to leadership, IT, and operational teams, translating technical risks into practical business decisions. Monitor and report on security posture metrics, vulnerabilities, and compliance status to leadership.
• Develop, maintain, and manage clear, professional, audit-ready security documentation, and coordinate with internal teams to ensure required policies, user agreements, SOPs, system and information flow diagrams, security plans, and compliance artifacts are complete, accurate, and aligned with organizational and regulatory requirements, using tools such as Word, Excel, and Visio.
• Establish and maintain continuous monitoring processes to ensure ongoing compliance with security controls and regulatory requirements. Identify opportunities to simplify processes, strengthen controls, and improve overall security posture without adding unnecessary complexity.
• Maintain awareness of emerging threats and evolving compliance requirements, ensuring the organization stays ahead of risk. Support incident response activities and ensure lessons learned are incorporated into security processes and controls.
• Promote a culture of security awareness and accountability across the organization.

Benefits

• Excellent medical, dental, and vision plans
• Life insurance at 2.5x your annual base salary
• Comprehensive wellness program and amenities
• Short and long-term disability insurance
• Paid time off and company-observed holidays
• 401(k) with employer match
• Jaxon Kitchen Fridays, our end-of-week tradition where the team gathers for good food, good company, and a chance to unwind the work week together.
• Annual Golf Tournament that brings out everyone’s competitive spirit; pros, rookies, and “I’m just here for the cart snacks” people alike.
• A Christmas Event Like No Other, legendary for a reason; traditions, surprises and the kind of magic only Jaxon can pull off. AND a Kids’ Christmas Celebration that brings out the joy, the crafts, and the wide-eyed wonder of the season.
• Super Bowl Party because friendly rivalry, good food, and loud cheering are practically part of our job description. And of course, the day after the super bowl is a company paid holiday, because we believe in recovery, rest, and reliving the best plays and commercials.