Information Systems Security Manager

Role Overview

CHAOS Industries seeks an experienced Information Systems Security Manager (ISSM) to serve as the primary security authority for classified information systems across one or more Program Security Authorization Boundaries (PSABs). The ISSM will be responsible for the end‑to‑end security posture of program systems, driving risk management decisions, and ensuring compliance with applicable government regulations and contractual requirements. This role interfaces directly with government Authorizing Officials (AOs), Program Managers, and cross‑functional engineering teams to sustain Authorization to Operate (ATO) for complex, multi‑domain environments.

• Authorization & Compliance
  • Develop, maintain, and submit system Security Authorization Packages in accordance with NIST SP 800‑37 RMF, ICD 503, JSIG, and DAAPM frameworks.
  • Manage the full lifecycle of ATOs including continuous monitoring, annual reviews, and Plan of Action & Milestones (POA&Ms).
  • Serve as the primary liaison to government AO/ISSM/ISSO community for all classified system authorization activities.
  • Ensure compliance with DCSA, DSS, and applicable IC community security policies across all assigned programs.
• System Security Engineering & Risk Management
  • Conduct and review security assessments, risk analyses, and vulnerability scans (Nessus, ACAS, SCAP) to identify and remediate risks.
  • Develop and maintain System Security Plans (SSPs), Security Concept of Operations (CONOPS), hardware/software baseline documentation, and interconnection agreements.
  • Evaluate proposed changes to hardware, software, and firmware for security impact; approve or reject changes in accordance with the Configuration Management (CM) process.
  • Oversee implementation and validation of STIG/SRG hardening requirements across Windows, Linux, and network infrastructure.
• Personnel & Program Support
  • Supervise and mentor ISSOs supporting assigned programs; provide guidance and review of ISSO‑generated artifacts.
  • Conduct security briefings, annual refresher training, and onboarding education for cleared program personnel.
  • Investigate and report security incidents, anomalies, and potential compromise events in accordance with reporting requirements.
  • Support program proposal activities including security cost estimates, security architecture inputs, and DD254 reviews.
• Audit & Continuous Monitoring
  • Implement and oversee continuous monitoring strategies including log management, audit trail reviews, and SIEM integration.
  • Conduct periodic self‑inspections, security reviews, and audit activities; track findings to closure.
  • Coordinate with Facilities Security Officers (FSOs) and Physical Security personnel to ensure integrated program protection.

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical discipline. Equivalent experience considered in lieu of degree.
• 8+ years of experience in information security with a minimum of 4 years serving in an ISSM or senior ISSO role on classified U.S. Government programs.
• Demonstrated experience managing RMF‑based ATOs for classified systems (Secret, Top Secret, TS/SCI) under ICD 503, JSIG, or DAAPM.
• Experience with ACAS/Nessus, SCAP tools, and security technical implementation guidance (STIGs).
• Hands‑on experience with Windows Server, RHEL/CentOS, VMware, and network security architectures.
• IAM Level III certification required: CISSP, CISM, or GSLC (IAW DoD 8570.01-M / DoD 8140).
• Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment.

• Active TS.
• Experience with Special Access Programs (SAPs), Sensitive Compartmented Information Facilities (SCIFs), or Special Access Facilities (SAFs).
• Familiarity with Cross Domain Solutions (CDS), multi‑level security architectures, or Type 1 encryption devices.
• Knowledge of CMMC Level 2/3 requirements and their intersection with classified program requirements.
• Experience with cloud security (AWS Gov Cloud, Azure Government) within classified or CUI environments.
• Prior experience working with DCSA, NSA, DIA, or Air Force ISSM community personnel.
• Additional certifications: CAP, Security+, CASP+, CEH, or equivalent.

• Health Benefits:
  
  Medical, dental, and vision benefits 100% paid for by the company.
• Additional benefits: 401k (50% company match up to 6% of pay), FSA, HSA, life insurance, and more.
• Our Perks:
  Free daily lunch, No meeting Fridays, unlimited PTO, casual dress code.
• Compensation Components:
  Competitive base salaries, generous pre‑IPO stock option grants, relocation assistance, and annual bonuses.
• Team Growth: 250 employees and counting across 5 global offices.

Targeted base compensation range: $140,000 - $200,000. This reflects only the base salary and excludes additional earnings such as bonus, equity, and benefits. Actual salary offer may vary based on experience, education, and other factors.