Information Systems Security Manager (ISSM)

The Information Systems Security Manager (ISSM) is responsible for overseeing the cybersecurity posture of Scientific Systems' classified information systems, ensuring full compliance with applicable Department of Defense (DoD) and Intelligence Community (IC) policies. This role supports multiple programs, including Collateral, TS/SCI, and Special Access Programs (SAP/SAR), guiding them through the Risk Management Framework (RMF) lifecycle and ensuring proper implementation of technical and procedural security controls.

The ISSM develops and maintains all necessary documentation and compliance activities to support system accreditation, continuous monitoring, and cyber risk mitigation, serving as a key interface with Authorizing Officials (AOs), Information System Owners.

Essential Functions:

• Develop and maintain the formal Information System (IS) security program and associated policies for assigned systems and programs.

• Lead the implementation of RMF-compliant cybersecurity strategies aligned with JSIG, ICD 503, NIST SP 800-53, STIGs, and customer-specific requirements.

• Oversee development and continuous maintenance of System Security Plans (SSPs), POA&Ms, risk assessments, and system-specific security documentation.

• Provide technical and procedural IS security guidance to internal stakeholders and program teams across the organization.

• Ensure continuous monitoring, auditing, patch management, and vulnerability scanning in support of a secure and compliant operating environment.

• Manage incident response for cybersecurity events and system vulnerabilities, including coordination with the AO/DAO as appropriate.

• Lead or support recurring security inspections, customer assessments, internal self-inspections, and audit preparation.

• Implement and enforce configuration management (CM) policies and baseline control of hardware/software.

• Coordinate with ISSOs, FSOs, and IT staff for secure operations, including facilities alignment with ICD-705 / DoD O-5205.07 Volume 3 standards.

• Support cross-domain solutions, interconnection requests, and the secure transfer of data between information systems.
• Ensure classified systems are properly decommissioned, sanitized, and disposed of per DoD and agency-specific guidelines.

• Develop and oversee an effective IS security education, training, and awareness program for system users and support staff.

• Lead, mentor, and support a team of cybersecurity and security professionals, fostering collaboration and professional development.

Basic Qualifications:

• Must have an Active Top Secret / SCI clearance with current SAP eligibility.
• Must have prior ISSM work experience.

• Bachelor’s Degree with 3+ yrs of exp or Associate’s degree with 5+ years exp or Master’s Degree with 2+ yrs of exp in relevant cybersecurity experience.

• Minimum of 5 year’s of experience supporting Special Access Programs, with deep knowledge of classified cybersecurity, physical security, and compliance management.

• Proven experience implementing RMF and legacy frameworks such as JAFAN 6/3, DCID 6/3, and DoDIIS standards.

• Prior experience working with compliance tools including eMASS, audit tools, data labeling, virus scanning, and secure file transfer procedures.

• Demonstrated experience with relevant policies and standards: DoD O-5205.07 Vol. 1–4, ICD 503, ICD 705.

• Experience with DoD 5105.21-M-1, AFMAN 14-304, NISPOM / DAAPM

Preferred Qualifications

• Prior experience working directly with DCSA, DARPA, IARPA, NRO, or other IC/DoD mission partners.

• Experience with system accreditation and authorization packages in eMASS.

• Familiarity with cross-domain and interconnected systems processes.

• Understanding of facility security requirements for SAP spaces, including SCIF and SAPF construction.

• Strong communication and interpersonal skills, with the ability to collaborate across technical and operational teams.

• Excellent problem-solving, risk-based decision-making, and critical thinking abilities.

• Ability to sit or stand at a desk and work on a computer for prolonged periods of time.

• May require the ability to push/pull/lift up to 15 pounds .

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Work From Home
• Free Food & Snacks
• Wellness Resources
• Onsite Gym
• Hybrid Work Schedule