The Information System Security Manager (ISSM) is responsible for applying and documenting Information System (IS) security principles, practices, and procedures under the Risk Management Framework (RMF) to maintain compliance with applicable security regulations such as NIST, CNSSI, and NISPOM as well as governing the development and management of classified information systems. This position requires the ISSM to be a strong advocate for integrating security into front-end requirements and overseeing the implementation and sustainment of security controls in all stages of the program lifecycle. This is not a hybrid or work from home position.

Responsibilities:

• Achieve and maintain Authorization to Operate for classified information systems
• Manages Risk Management Framework (RMF) process
• Leads and supports security assessments and audits
• Perform tasks to meet continuous monitoring requirements such as audit log reviews, security patching, and hardware/software configuration
• Lead the organization’s CMMC compliance program, ensuring alignment and adherence to DoD cybersecurity standards (NIST SP 800-171, etc.)
• Develop, document, and guide the implementation of practical, actionable information security policies, procedures, and controls aligned with CMMC and NIST standards (SSP, POAM, etc.)
• Continuously assess, refine, and manage the implementation of security controls across the enterprise architecture, using security metrics to drive improvements
• Provide clear technical guidance to the IT team on the implementation and operation of security measures
• Evaluate and recommend emerging cybersecurity technologies and best practices relevant to our environment
• Support the Facility Security Officer in other security disciplines such as COMSEC, physical security, document control, Insider Threat, OPSEC, and visit requests
• Perform other duties as assigned

Minimum Educational Qualifications & Requirements:

• Bachelor’s degree in an applicable field and at least five years of relevant experience
• Preferred Security+ (or equivalent) certified
• Ability to perform risk assessment and risk management for classified information systems
• Ability to obtain Security Clearance, for which the United States Government requires United States citizenship
• Strong written and verbal communication skills
• Ability to maintain organized and complete records
• Ability to prioritize competing demands and complete tasks on schedule

Minimum Previous Experience:

• 5+ years of progressive experience in information security
• Expertise in RMF and ATO processes
• Previous experience with classified information system security management and administration
• Proven ability to translate CMMC/NIST SP 800-171 requirements into documented, implementable procedures
• Experience maturing a cybersecurity program, including developing processes and documentation
• Strong background in defense contracts and classified information handling procedures.
• Experience implementing and assessing systems using DISA STIGs for Windows and Linux operating systems
• Experience in implementing and monitoring technical, administrative, and operational security controls

Other Preferred Skills:

• 3+ years of experience in assessing and documenting test or analysis data to show cybersecurity compliance to auditors
• Experience with Microsoft Intune, Azure, Active Directory, Group Policy, and System Administration
• Experience with submitting and managing accreditation packages to Enterprise Mission Assurance Support Service (eMASS)
• Use of automated vulnerability and compliance scanning tools such as Security Content Automation Protocol (SCAP), Compliance Checker (SCC), Security Technical Implementation Guides (STIGs), and Nessus
• Experience with SIPRNet installation, deployment, and management

• Achieve and maintain Authorization to Operate for classified information systems
• Manages Risk Management Framework (RMF) process
• Leads and supports security assessments and audits
• Perform tasks to meet continuous monitoring requirements such as audit log reviews, security patching, and hardware/software configuration
• Lead the organization’s CMMC compliance program, ensuring alignment and adherence to DoD cybersecurity standards (NIST SP 800-171, etc.)
• Develop, document, and guide the implementation of practical, actionable information security policies, procedures, and controls aligned with CMMC and NIST standards (SSP, POAM, etc.)
• Continuously assess, refine, and manage the implementation of security controls across the enterprise architecture, using security metrics to drive improvements
• Provide clear technical guidance to the IT team on the implementation and operation of security measures
• Evaluate and recommend emerging cybersecurity technologies and best practices relevant to our environment
• Support the Facility Security Officer in other security disciplines such as COMSEC, physical security, document control, Insider Threat, OPSEC, and visit requests
• Perform other duties as assigne