Information Systems Security Manager (ISSM)

United States·ArlingtonFull-Timemid

OtherInformation Systems Security Manager

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Ready to make connectivity from space universally accessible, secure and actionable? Then you’ve come to the right place! E-Space is bridging Earth and space to enable hyper-scaled deployments of Internet of Things (IoT) solutions and services.

Key Responsibilities

Technical Tools

typescriptcybersecuritylinuxmentoring

Ready to make connectivity from space universally accessible, secure and actionable? Then you’ve come to the right place!

E-Space is bridging Earth and space to enable hyper-scaled deployments of Internet of Things (IoT) solutions and services. We are building a highly-advanced low Earth orbit (LEO) space system that will fundamentally change the design, economics, manufacturing and service delivery associated with traditional satellite and terrestrial IoT systems.

We’re intentional, we’re unapologetically curious and we’re 100% committed to innovate space-based communications and deliver actionable intelligence that will expand global economies, protect space and our planet and enhance our overall quality of life.

THE ROLE:

The Information Systems Security Manager (ISSM) serves as the primary authority responsible for the cybersecurity posture and compliance of all classified information systems operating within a Top Secret possessing facility under a Department of Defense (DoD) Facility Clearance (FCL). This role is pivotal in ensuring the organization meets all requirements set forth by the National Industrial Security Program Operating Manual (NISPOM), the Defense Counterintelligence and Security Agency (DCSA), and applicable Intelligence Community Directives (ICDs).

The ISSM will serve as the authoritative point of contact to the Cognizant Security Authority (CSA) and Government Contracting Activity (GCA) for all matters relating to the authorization, operation, and continuous monitoring of classified information systems, including Sensitive Compartmented Information (SCI) systems where applicable

• Lead the Assessment and Authorization (A&A) process for all classified IS under the Risk Management Framework (RMF) in accordance with NIST SP 800-37 and DAAPM.

• Prepare, maintain, and submit System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and Authorization to Operate (ATO) packages.

• Serve as the primary liaison with DCSA and Government customer representatives during system assessments, inspections, and audits.

• Maintain and manage the System Security Authorization Agreement (SSAA) or equivalent documentation for all IS operating at the TS level or above.

• Ensure all classified information systems comply with 32 CFR Part 117 (NISPOM), applicable DoD and IC cybersecurity policies, Contract Data Requirements List (CDRLs), and Statement of Work (SOW) security requirements.

• Develop, implement, and maintain facility-level Information Systems Security policies, procedures, and Standard Operating Procedures (SOPs).

• Enforce configuration management (CM) controls and ensure all hardware/software changes to classified IS are reviewed and approved prior to implementation.

• Conduct periodic self-inspections of classified IS programs and remediate findings in coordination with the FSO and program leadership.

• Implement and manage a Continuous Monitoring (ConMon) program for all authorized classified information systems.

• Monitor audit logs, SIEM alerts, and vulnerability scan results; investigate anomalies and potential insider threats.

• Serve as the Facility Incident Response Manager for classified information system security incidents; coordinate reporting to DCSA and GCAs within required timeframes.

• Conduct or oversee technical vulnerability assessments and penetration testing as required by the CSA or contract requirements.

• Oversee ISSM-delegated Information System Security Officer (ISSO) personnel; provide mentorship, task delegation, and performance oversight.

• Develop and deliver annual IS security awareness training and role-based training for users of classified information systems.

• Maintain personnel access records and access control lists (ACLs) for all classified IS; ensure need-to-know verification prior to system access grants.

• Coordinate with the FSO to ensure the integration of personnel security and information security requirements.

• Coordinate with facilities and physical security teams to ensure IS are housed in appropriately accredited spaces (SCIFs, Closed Areas, SAPs) in accordance with ICD 705 and DCSA physical security standards.

• Manage and enforce media protection, sanitization, and destruction procedures for classified storage media in accordance with NSA/CSS EPL requirements.

• Oversee PKI, multi-factor authentication (MFA), and privileged access management (PAM) implementations across classified networks

• Active Top Secret (TS) security clearance; SCI eligibility required or must be obtainable within 6 months of hire.

• Minimum of 10 years of progressive experience in information systems security within a DoD or Intelligence Community classified environment with 5 or more year’s direct experience as an ISSM, ISSP, Security Control Assessor (SCA), or equivalent position

• Demonstrated ISSM or ISSO experience supporting DCSA-adjudicated classified IS programs under NISPOM/DAAPM.

• A minimum of 3 years of direct working knowledge of the NIST RMF process (NIST SP 800-37, 800-53, 800-171) and DoD Assessment Methodology (DAAPM).

• Experience preparing and managing ATOs, SSPs, SAPs, and POA&Ms for TS and SCI-level information systems.

• Proficiency with eMASS (Enterprise Mission Assurance Support Service) or equivalent GRC tool.

• Working knowledge of SIEM platforms, vulnerability scanners (e.g., ACAS/Nessus), and HBSS/endpoint security tools.

• IAM Level II or III certification required per DoD 8570.01-M / DoD 8140 (e.g., CISSP, CISM, GSLC, or equivalent).

• Master’s degree or Bachelor's degree with equivalent work experience and certifications in Cybersecurity, Information Technology, Computer Science, or a related technical discipline, OR equivalent verifiable experience.

• Current TS/SCI access with polygraph (CI or Full Scope).

• Experience supporting Special Access Programs (SAPs) or Sensitive Compartmented Information Facilities (SCIFs).

• Familiarity with Cross Domain Solutions (CDS), data transfer processes, and CDSE/NSA approval workflows.

• Experience with LINUX and Windows hardened STIG baseline implementation and validation.

• Knowledge of ICD 503, ICS 500-27, and CNSSI 1253 security control overlays.

• Prior DCSA inspection experience (NISP, SAP, or SCI programs).

• Additional certifications such as CASP+, CCSP, Security+, or CEH are a plus.

• Direct experience managing the system lifecycle of connected classified systems including Secret Defense Research and Engineering Network (SDREN), Secret Internet Protocol Router Network (SIPRNET), Non-classified Internet Protocol Router Network (NIPRNET, and Joint Worldwide Intelligence Communications System (JWICS) systems .