Information System Security Manager (ISSM)

We are seeking a highly skilled and innovative Information System Security Manager (ISSM) to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Oversee cybersecurity posture for multiple systems or an enterprise segment as the ISSM, directing ISSOs and technical teams in implementing RMF, FISMA, and DoD/Army policies.
• Define security strategies, risk tolerance application, and controls implementation approaches aligned with the Cybersecurity Strategy Plan, CsMP, and RMF Plan.
• Review and approve ISS documents, system security plans (SSPs), POA&Ms, incident response plans (IRPs), and compliance reports; brief leadership on risk, accreditation timelines, and inspection readiness.
• Coordinate with ARNG, RCC‑ARNG, ARCYBER, USCYBERCOM, and other authorities on significant issues, incident reporting, and enterprise‑wide process improvements.
• Provide authoritative guidance on control implementation, continuous monitoring, configuration management, and evidence collection for authorization packages.
• Lead security risk assessments, vulnerability remediation prioritization, and validation of mitigation effectiveness across assigned systems.
• Manage security governance activities, training/awareness for security personnel, and oversight of security operations supporting accreditation and audits.
• Drive improvements to security processes, produce decision‑grade security artifacts, and mentor ISSO/technical staff.

#ENOCS

Qualifications

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (examples: 4C‑FA26A; M09CHN1; A‑531‑0009; Information Systems Security Manager (Advanced) Playlist); OR
  • Relevant professional certification or equivalent experience (examples: CISM, CISSP, CISSP‑ISSMP, FITSP‑M, GCIA, GCIH, GICSP, GSLC).

• Required experience and skills:

  • Cybersecurity experience with ISSM/ISSO or senior security leadership roles supporting DoD or large enterprise environments.
  • Deep knowledge of RMF/ATO lifecycle, NIST SP 800‑53 control families, FISMA, DISA STIGs/SRGs, continuous monitoring, and eMASS/RMF evidence workflows.
  • Proven ability to produce and approve authorization artifacts (SSP, SAR, POA&M), manage accreditation timelines, and brief senior leadership on security posture and residual risk.
  • Strong incident coordination experience, understanding of chain‑of‑custody, reporting channels, and coordination with higher authorities (ARCYBER/USCYBERCOM).
  • Excellent stakeholder engagement, governance facilitation, and mentoring skills for security teams.

• Desired:

  • Prior ARNG/DoD ISSM experience and familiarity with enterprise security strategy/planning (CsMP).
  • Experience integrating security with DevSecOps, cloud authorization, and cross‑domain solutions.
  • Advanced certifications (CISM, CISSP‑ISSMP, FITSP‑M) and demonstrated track record managing complex authorization packages and inspection readiness.

#ENOCS