Information System Security Manager; ISSM
Listed on 2026-06-01
IT/Tech
Cybersecurity, Information Security
Job Description
The Information System Security Manager (ISSM) is the primary cybersecurity authority for the assigned classified information system. This role is responsible for end‑to‑end security oversight, from system authorization to continuous monitoring, ensuring 100% compliance with DoD 8510.01 (RMF) and 32 CFR Part 117 (NISPOM). You will serve as the strategic advisor to the Facility Security Officer (FSO) and government partners, bridging the gap between technical IT operations and overarching industrial security goals.
Beyond standard oversight, the ISSM serves as the Lead Coordinator for the architecture, build‑out, and certification of the classified information system, synchronizing technical engineering, physical security requirements, and government accreditation to ensure the system reaches Full Operational Capability (FOC).
All offers are conditional until an interim security clearance is granted by DCSA (Defense Counterintelligence and Security Agency). This position requires you to obtain a government security clearance. You must be a U.S. citizen, capable of obtaining a secret clearance or higher, and able to start employment within 45 days of clearance approval.
Key Responsibilities
Safety Leadership
- Ensure consistent departmental safety standards and procedures across facilities.
- Address systemic safety concerns and implement standardized solutions.
- Perform Security Impact Analysis for all proposed system modifications to ensure they do not negatively affect the authorized security posture.
- Develop and maintain comprehensive System Security Plans (SSP), Risk Assessment Reports (RAR), and Security Control Traceability Matrices (SCTM) within eMASS.
- Oversee technical security scans using ACAS/Nessus and ensure all hardware and software adhere to DISA STIGs.
- Provide technical and administrative support to the FSO during investigations of classified system security incidents, including malicious activity and data spills, in coordination with government authorities.
- Orchestrate the Assessment and Authorization (A&A) lifecycle for a classified information system, serving as the primary technical advisor to the Authorizing Official (AO).
- Manage the lifecycle of Plans of Action and Milestones (POA&Ms), ensuring all findings are tracked, mitigated, and reported through official government channels.
- Develop and deliver annual security awareness training and specialized briefings for privileged and general users.
- Partner with the Facility Security Officer (FSO) to provide guidance on general security issues.
- Maintain audit‑ready records and lead preparations for government security reviews.
- Facilitate cross‑functional security coordination among information security officers and system owners, ensuring all activities align with senior security leadership directives and organizational goals.
- Other duties assigned by the FSO related to any responsibility of BIW’s Industrial Security program.
- Implement a robust Continuous Monitoring (CONMON) strategy to detect unauthorized changes or anomalies in the authorized security baseline.
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical field (equivalent professional experience may be considered).
- Minimum of 5–7 years of experience in Information Assurance (IA) or Cybersecurity, with specific experience managing systems under the Risk Management Framework (RMF).
- Demonstrated expertise in NIST SP 800‑53, 32 CFR Part 117 (NISPOM), and DCSA Assessment and Authorization Guide (DAAG).
- IAM Level II or III: Must possess a current, baseline certification in good standing. Valid certifications include CISSP, CISM, CGRC/CAP, CASP+.
- Ability to obtain a secret clearance or higher.
- RMF Lifecycle Management: Minimum of 5–7 years of direct experience performing ISSM or ISSO duties, specifically navigating the RMF steps 1–6.
- Technical System Architecture & Build: Proven experience building and configuring secure information systems from…