Information Systems Security Manager
Indexed description
Key responsibilities will include, but are not limited to, the strategic implementation and oversight of robust cybersecurity measures such as endpoint protection, comprehensive vulnerability management programs, and diligent patch management protocols.
Duties
- Security Platform Management
- Administer and maintain cloud security posture management (CSPM) and vulnerability management platforms including Qualys, CrowdStrike, and Bitsight
- Design, build, and operate CrowdStrike solutions across cloud and cloud-native environments to enhance threat visibility, risk identification, and vulnerability remediation
- Information System Program Management
- Develop, implement, and maintain system security policies, plans and procedures in alignment with RMF, NIST 800 publications, DAAPM, and NISPOM requirements.
- Develop and maintain security architecture and security policies, principles and standards.
- Develop and validate baseline security configurations for operating systems, applications, and networking equipment.
- Authorization and Accreditation
- Manage the system lifecycle management process, including developing and maintaining security plans and documentation
- Risk Management and Compliance
- Perform and document risk assessments; manage POA&M’s with stakeholders to identify weaknesses, mitigation actions, and timelines; enforce configuration management and assess system changes for security impact.
- Knowledge of current and emerging threats/threat vectors.
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of penetration testing principles, tools, and techniques.
- Participate in security investigations and compliance reviews, as requested by internal or external auditors.
- Continuous Monitoring and Auditing
- Implement continuous monitoring strategies; conduct regular audits and assessments to ensure controls remain effective and vulnerabilities are addressed promptly.
- Incident Response and Reporting
- Monitor for security incidents and vulnerabilities; manage incident response, system recovery, and reporting processes to restore security safeguards quickly and accurately.
- Provide second- and third-level support and analysis during and after a security incident.
- Assist security administrators and IT staff in the resolution of reported security incidents.
- Training and Awareness
- Develop and implement system security training and awareness program for all roles; brief users on security responsibilities and ensure training completion before access.
- Stakeholder Coordination
- Communicate regularly with stakeholders: FSO, SMO, managers, users, DCSA
- IT Administration
- Provide backup IT support when required.
- Oversee ISSO’s under their purview to ensure they follow established IS policies and procedures
- Assume ISSO responsibilities in the absence of the ISSO; maintain required IA certifications
- Ensure System Administrators (SA) monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks
- Required Experiences
- Active DoD Secret Security Clearance preferred, US Citizenship required
- Bachelor’s degree in related discipline or equivalent work experience
- 5+ years in Information Security, Cybersecurity, or Information Assurance roles.
- Proven experience leading or managing ATO/RMF activities, including system authorization, POA&M management, security assessments, and continuous monitoring.
- Strong understanding of Risk Management Framework, DAAPM, NIST 800-53, NIST 800-171 & Security control implementation and validation
- Experience supporting or maintaining compliance with CMMC, ITAR/EAR, DFARS 252.204-7012, Controlled Unclassified Information (CUI) requirements
- Excellent written and verbal communication skills
- Experience conducting security risk assessments, vulnerability management, incident response coordination, and audit readiness activities.
- Ability to work directly with executive leadership, auditors, assessors, engineering teams, and system owners.
- eMASS administration and package management.
- Experience preparing organizations for CMMC assessments.
- Experience securing cloud environments (Azure Government, GCC High, AWS GovCloud).
- Managing SSPs, POA&Ms, SARs, and security documentation.
- Third-party audit support (CMMC, NIST, customer, or regulatory audits).
- Supply chain and defense-industrial-base (DIB) security requirements.
- CISSP
- CGRC (formerly CAP)
- CISM
- Security+
- CISA
- PMP
- None.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search