Senior Information System Security Manager (ISSM)

About The Position

Requirements

• U.S. Citizen.
• Active DoW Top Secret security clearance; TS/SCI security clearance preferred (and ultimately required).
• Ability to work in a hybrid, remote/onsite capacity in Fairfax, VA (~3 days in office).
• Bachelor's degree in Computer Science; Cybersecurity, Information Systems Management; or similar Science, Technology, Engineering and Mathematics (STEM) discipline; Master’s degree preferred.
• 16+ years in cybersecurity, information assurance, or IT security, with 8+ years in a senior leadership, ISSM, or Security Architect role.
• Active DoW 8140/8570 IAT or IAM Level III certification (CISSP preferred; CISM, CASP+, or equivalent also acceptable).
• Extensive knowledge and hands-on proficiency with the following 5 cybersecurity frameworks, standards, and/or governing bodies:  1. NIST Special Publication 800-53, Revision 5 (Security and Privacy Controls for Federal Information Systems and Organizations) 2. NIST Risk Management Framework SP 800-37 (Guide for Applying the Risk Management Framework) 3. CNSS (Committee on National Security Systems Instructions), specifically CNSSI No. 1253 (often paired with NIST standards) 4. NISPOM (National Industrial Security Program Operating Manual) 5. DCSA DAAPM (Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual)
• Extensive experience with: Full RMF lifecycle (A&A, ATO) Network architecture, cloud security (FedRAMP), data protection, encryption, and Cross Domain Solutions Threat modeling and analysis, vulnerability management, and leadership on incident response investigation/ remediation efforts  Offensive and defensive security techniques Security policy creation and enforcement, standard operating procedures (SOPs), and security plans Compliance Tools, including eMASS, XACTA, ACAS/Tenable Nessus, SCAP, and STIGs/SRGs Penetration Testing and/or Certified Ethical Hacking (CEH)
• Demonstrative knowledge and expertise with: DoW Information Technology and Cybersecurity best practices Windows Domain and Linux systems architectures Architecture, software design, networking, virtualization, and cloud-based technologies / infrastructure Distributed team management, including overseeing ISSOs, and guiding/directing subcontractors
• Prior accountability for: Liaising with Authorizing Officials (AO), Program Managers, and C-suite executives Managing security budgets, vendor risk, and long-term security architecture planning  Discovering and implementing evolving technologies, including AI/cloud integration Rendering High-risk security decisions
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Nice To Haves

• Master’s degree preferred.
• Active DoW Top Secret security clearance; TS/SCI security clearance preferred (and ultimately required).
• Active DoW 8140/8570 IAT or IAM Level III certification (CISSP preferred; CISM, CASP+, or equivalent also acceptable).

Responsibilities

• Lead the creation and enforcement of enterprise-wide security policies, standards, and procedures to ensure compliance with federal and organizational mandates.
• Oversee full execution of the RMF process, including system categorization, security control selection, and continuous monitoring.
• Ensure systems adhere to regulations such as FISMA, NIST SP 800-series, and CMMC.
• Acquire and manage necessary resources, including budgets and specialized security personnel, to meet organizational security goals.
• Coordinate the preparation and maintenance of System Security Plans (SSP) and assessment packages to secure and maintain formal system authorizations to operate (ATO).
• Spearhead vulnerability assessments and audits, prioritizing remediation activities and interpreting technical threats for executive leadership.
• Lead high-level incident response efforts during security breaches, ensuring proper forensic investigations and post-event analysis.
• Oversee security-relevant configuration changes to hardware, software, and firmware, assessing their impact on systems’ operational security posture.
• Manage and mentor ISSOs and other cybersecurity professionals.
• Translate complex technical security challenges into business risk language for senior leadership and the C-suite.
• Institute organization-wide training programs to foster a security-conscious culture among all personnel.
• Act as the primary point of contact for external auditors, government customers, and regulatory bodies (e.g., DCSA or CISA).
• Support business development activities by enabling secure system authorizations (ATO) and ensuring compliance with CMMC and DFARS requirements.
• Facilitate growth by securing ATOs for new contracts, implementing CMMC/DFARS standards to win government bids, and fostering secure, scalable innovation.
• Work with cross-functional Corporate teams to align initiatives with ECS goals and objectives.
• Identify opportunities for continuous improvement and innovation.
• Other duties, as assigned.