Program Information Systems Security Manager; ISSM - Tucson, AZ
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Information Security
Location:
Tucson, AZ. Position Type:
Onsite.
Security Clearance Requirement:
Active and transferable U.S. government issued security clearance (Secret) is required prior to start date. U.S. citizenship is required.
– Role Overview
The Program Information Systems Security Manager is responsible for compliance oversight, assessment, and operations of systems under their purview. They may be assigned to a single large-scale program or oversee multiple programs. ISSM also has cognizance of all collateral Classified Information System (CIS) at the Site per Commercial and Government Entity (CAGE) code as stipulated by various US Government requirements including National Industrial Security Operating Manual (NISPOM) and related documentation such as Risk Management Framework (RMF), Baseline Technical Security Configuration Standards, Defense Counter-Intelligence Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM) Customer/contract specific Cybersecurity regulations.
Components of the cybersecurity program include Assessment and Authorization (A&A) activities (documentation preparation, system configuration/validation, certification testing, etc.), security sustainment activities (hardware change management, software change management, account management, media protection, user interface, file transfers, etc.), conducting self-inspections, and delivering information systems security education and awareness. You will conduct recurring Cybersecurity reviews on information systems in accordance with DoD Manuals, NIST Special Publications, customer directives, and company policies as applicable.
You are responsible for the execution of the Raytheon Continuous Monitoring Plan as required by CA-2 Security Assessments. You’ll serve as subject matter experts (SME) on a broad range of Cybersecurity topics. You may represent the Cybersecurity organization and business unit to external Cybersecurity counterparts.
Cybersecurity Site ISSMs are required to maintain IAM Level III certification commensurate with their role as required by DoDD 8140 (8570). Complete all DCSA and Raytheon GSS required training within 6 months of appointment (annual requirements thereafter). Accountability for all systems under site CAGE: metrics, eMASS, Raytheon business process (RCAST), Continuous Monitoring (Con Mon) as described by Sr. ISSM. Maintaining a working knowledge of all CIS functions, security policies, technical security safeguards, and operational security measures.
Interactions with DCSA SCA/ISSP to track items including, but not limited to, upcoming authorizations (ATO), new technologies solutions (i.e., new SIEM, OS, etc.), policy interpretations (in conjunction with Sr. ISSM), and onsite A&A. Developing, maintaining, and updating, in coordination with all system stakeholders (CS Manager, ISO, DT, etc.), applicable site POAM(s) to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions.
Coordinating DCSA SVA preparation activities for assigned CAGE in conjunction with site FSO/CS Manager.
Education/
Experience:
Typically a University Degree or equivalent experience and minimum 8 years prior relevant experience, or an Advanced Degree in a related field and minimum 5 years experience. Experience supporting cybersecurity compliance as stipulated by DCSA Assessment and Authorization Process Manual (DAAPM), Joint SAP Implementation Guide (JSIG), and/or National Industrial Security Program Operating Manual (NISPOM) regulations. Direct leadership or project/program management experience.
IAM Level I certification (Security+ or other). Relevant Experience Considered:
Cybersecurity, systems security or hardening;
Information Technology Compliance-based auditing using the Risk Management Framework (RMF) and/or non-defense regulations such as FAA, Payment Card Industry (PCI), ISO 9001 Quality Management standards, or HIPAA;
Experience working with and/or supporting computer technologies (such as databases, operating systems, computer network hardware, software programs, hardware…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).