Cloud Cybersecurity Manager (CCM) - Military Community and Famil

Description

Vistra seeks a Cloud Cybersecurity Manager (CCM) to serve as the Government's primary design thought partner and customer experience strategist to the Military Community and Family Policy Outreach and Digital Enterprise Services (MODES III) contract in support of the Office of the Deputy Assistant Secretary of Defense (DASD) for Military Community and Family Policy (MC&FP). The CCM is responsible for providing comprehensive, multidisciplinary cybersecurity oversight, strategic guidance, and operational support for all cloud-based environments and digital assets supporting the MC&FP enterprise in AWS GovCloud. This role ensures the security, resilience, and regulatory compliance of critical DoD cloud environments, in alignment with evolving Federal, DoD, DISA, U.S. Cyber Command, and MC&FP cybersecurity mandates and industry best practices. The CCM leads the orchestration and execution of all cloud security initiatives, maintains a vigilant security posture against emerging threats, and acts as a subject matter expert on cloud security architecture, operations, incident response, and compliance frameworks. This position requires a deep understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), the application of Security Technical Implementation Guides (STIGs), cloud vulnerability and threat management, and continuous monitoring techniques.

Key Responsibilities:

• Provide comprehensive cyber and cloud security leadership ensuring all cloud environments are designed, maintained, and operated securely and efficiently.
• Develop and implement the overall cybersecurity strategy aligned with DoD, DISA, NIST (SP 800-53), FISMA, and MC&FP requirements.
• Lead cloud risk management and IT security compliance initiatives, including application of the Risk Management Framework (RMF) across all MC&FP systems.
• Oversee daily monitoring, threat detection, and incident handling for cloud-based resources, including AWS GovCloud environments.
• Implement advanced security architectures for predictive threat detection and proactive incident response.
• Maintain and regularly test contingency plans, disaster recovery (DR), and continuity of operations (COOP) procedures for cloud infrastructure.
• Provide direct support for vulnerability management, penetration testing, and mitigation of security risks.
• Ensure continued Authorization to Operate (ATO) status for cloud systems at relevant impact levels.
• Conduct bi-annual audits of IT and cybersecurity SOPs, documenting and remediating compliance gaps.
• Oversee routine and ad-hoc reporting of compliance status, incidents, and risk metrics through dashboards and official reports.
• Coordinate with Tier 2 CSSPs and government cyber teams to ensure seamless lifecycle management and reporting for incidents and vulnerabilities.
• Adhere to and enforce compliance with all applicable STIGs, SRGs, IAVAs, and other cybersecurity requirements.
• Catalog and inventory all cloud configuration items (CIs), and maintain an up-to-date configuration management (CM) database with strong data integrity and availability measures.
• Oversee review and implementation of secure configurations and baseline management for all cloud resources.
• Serve as Secretariat for the Configuration Control Board (CCB), maintaining records, policies, procedures, and facilitating CCB meetings.
• Manage the change control process for all information systems, networks, and security modifications.
• Lead or support scenario planning exercises, threat simulation labs, and cross-agency security drills.
• Identify and recommend the implementation of emerging security technologies, automation, and best practices to advance security posture.
• Develop and implement automated incident response workflows and playbooks.
• Serve as principal cloud security advisor to leadership, project managers, developers, and IT engineering teams.
• Collaborate with government stakeholders, technical teams, and external partners to ensure secure design, deployment, and operation of cloud systems.
• Provide cloud cybersecurity guidance and training to staff and ensure all stakeholders are informed of their security responsibilities.
• Ensure that account provisioning, privilege management, and access controls for cloud systems are implemented and regularly reviewed.
• Maintain compliance with the DoD Cyber Workforce Framework (DCWF), ensuring staff certifications and training are up to date.

Requirements

• A minimum of eight years of experience in managing cybersecurity projects of similar size and complexity to this requirement within a cloud environment.
• A minimum of eight years of experience with the NIST RMF, NIST SP 800-53, STIGs, Security Content Automation Protocol (SCAP), Information Assurance Vulnerability Alerts (IAVAs), and Federal Information Security Management Act (FISMA).
• Possess one of the following certifications: CISM, Certified Information Systems Security Officer (CISSO), Federal IT Security Professional-Manager (FITSP-M), GIAC Certified Intrusion Analyst Certification (GCIA), GIAC Cloud Security Automation (GCSA), GIAC Certified Incident Handler (GCIH), GIAC Security Leadership Certification (GSLC), Global Industrial Cyber Security Professional Certification (GICSP), CISSP-ISSMP, or CISSP
• Possess a minimum of a favorably adjudicated Tier 5 investigation.
• Prefer bachelor's degree in computer science, IT, information systems, or a related field.
• Prefers a minimum of eight years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management and penetration testing.
• Prefers minimum of eight years of experience supporting DoD defensive cyber operational activities, including, but not limited to, information system protection, defense, response (incident handling), reporting, and recovery.

About Vistra: Vistra Communications, doing business as Vistra and Vistra Federal Solutions, is a Service-Disabled Veteran-Owned Small Business (SDVOSB) headquartered in Tampa, FL with an office in Springfield, VA providing professional support serviced to Defense, Federal, and Civilian Agencies. Approximately 25% of our "team member" employees work in the National Capital Region, providing communications, outreach, and organizational transformation services to our public sector customers. Vistra provides medical, dental, and vision benefits, life and disability insurance, employer matching 401(k) retirement plan, Paid Time Off, Parental and Bereavement Leave, and Professional Development, among other benefits.

US Citizenship Required: Due to the requirements of the federal contract that this position supports, U.S. citizenship is required. Citizenship will be confirmed via I-9/E-Verify at the start of employment.