Security Manager

Unissant
Washington, DC
Hybrid

About The Position

Unissant, Inc. is seeking a Security Manager to join their team and support clients in the Washington DC-Baltimore area. The ideal candidate will be responsible for providing design recommendations based on long-term IT organization strategy and will be viewed both internally and externally as a technical expert and critical technical resource across multiple disciplines. This position is contingent upon contract award.

Requirements

  • Minimum 10 years of experience in information security, with at least 5 years supporting federal security compliance programs
  • Minimum 3 years serving in an ISSO, ISSM, or equivalent role supporting systems requiring ATO
  • Demonstrated experience obtaining and maintaining Authority to Operate (ATO) under federal frameworks (FISMA/NIST RMF)
  • Proven experience developing and maintaining security documentation including SSP, POA&M, SAR, RAR, and Contingency Plans
  • Demonstrated experience with NIST 800-53 controls and CMS Acceptable Risk Safeguards (ARS) or equivalent frameworks
  • Experience managing vulnerability remediation in accordance with federal SLAs (e.g., 15/30/90-day remediation timelines)
  • Hands-on experience with continuous monitoring tools and practices (e.g., AWS GuardDuty, Security Hub, SIEM tools)
  • Experience supporting security audits, assessments, and penetration testing activities
  • Knowledge of HIPAA privacy and security requirements for handling PII/PHI data
  • Enthusiastic, proactive, positive attitude and high integrity
  • Excellent organizational skills, strong attention to detail and ability to effectively manage architectures supporting multiple users
  • Ability to think and act strategically and proactively approach projects and issues
  • Able to work under pressure and to be flexible with changing priorities
  • Able to find innovative ways to solve problems
  • A genuine interest in looking for opportunities to add value and grow your area of responsibility
  • Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, or related field is required
  • Excellent written and verbal communication skills
  • Ability to convey technical information to non-technical individuals
  • Demonstrated experience communicating effectively across internal and external organizations
  • Ability to work well in a matrixed team environment

Nice To Haves

  • CISSP certification is desired.

Responsibilities

  • Lead all ATO lifecycle activities, including assessments, renewals, and documentation
  • Manage vulnerability remediation aligned with CMS SLAs
  • Implement continuous monitoring and threat detection processes
  • Maintain security documentation (SSP, POA&M, SAR, etc.)
  • Coordinate audits, assessments, and compliance reviews
  • Ensure compliance with HIPAA, FISMA, ARS, and CMS policies
  • Collaborate with CMS security teams and external stakeholders
  • Integrate security into DevOps pipelines (DevSecOps)
  • Develop and implement cyber security strategies (including Security Roadmap and Management Plan), policies, and guidelines for the customer based on industry best practices
  • Define and maintain Enterprise Governance Policies and ensure compliance with policies
  • Develop and maintain a Security Roadmap and Security Management Plan for the customer
  • Design and maintain Enterprise Security Reference Architecture
  • Design and implement common security services for the organization
  • Ensure SDLC adherence to security architecture and policies
  • Participate in enterprise security analysis and task prioritization
  • Define and implement Identity and Access Management policies and procedures, including Authentication & Authorization, Identity Storage and Data Integration, and User Management