Information Systems Security Manager (ISSM) -305308

Description

We are seeking a senior Information Systems Security Manager (ISSM) to serve as the Subject Matter Expert (SME) for the Combined Air Operations Center - eXperimental (CAOC-X) enclave. The ISSM provides comprehensive cybersecurity support for all CAOC-X applications, tests, experiments, and exercises. This role is responsible for leading all cybersecurity operations, managing the full Risk Management Framework (RMF) lifecycle, and ensuring the security posture of both TS/SCI and NIPRNET environments complies with Federal, DoD, and Air Force directives. The ISSM serves as the focal point for all cybersecurity matters and will work closely with engineering, architecture, and mission teams to ensure the secure integration and protection of multi-classification environments.

Requirements

• Serve as the senior cybersecurity authority for CAOC-X information systems, ensuring compliance with directives such as AFI 17-101, DoDI 8510.01, and NIST SP 800-53.
• Develop, manage, and maintain complete Risk Management Framework (RMF) documentation and certification & accreditation (C&A) packages for all classified and unclassified systems.
• Lead all Authority to Operate (ATO) activities, including package development for ATO, Authority to Connect (ATC), and Interim Authority to Test (IATT).
• Serve as the focal point for cybersecurity, including Computer Security (COMPUSEC), Communications Security (COMSEC), and Emissions Security (EMSEC).
• Oversee vulnerability management, STIG/SRG implementation, patching, and remediation using tools such as ACAS, NeuVector, & Endpoint Security Solutions (ESS).
• Lead the identification, evaluation, and mitigation of physical, technical, and administrative risks to the AOC and Air Force Global Information Grid.
• Maintain situational awareness of the cybersecurity posture, initiate corrective actions, and lead local cyber incident response activities.
• Conduct annual security reviews and testing of all cybersecurity controls.

Knowledge:

• Demonstrated experience creating, managing, and maintaining Risk Management Framework (RMF) documentation and artifacts.
• Proven experience with the cyber certification process for obtaining Authority to Operate (ATO), Authority to Connect (ATC), and Interim Authority to Test (IATT) on NIPRNET and SIPRNET.
• Hands-on experience implementing Security Technical Implementation Guides (STIGs) and managing Information Assurance Vulnerability Management (IAVM) programs.
• Experience with Commercial Solutions for Classified (CSfC) cross-domain solutions and their associated certification processes.
• Proficiency with vulnerability management and security tools, including ACAS, NeuVector, and Endpoint Security Solutions (ESS).
• Experience with SIEM tools.

Highly Desired:

• Experience with AOC systems, architecture, and networking.
• Experience with Zero Trust principles and implementation.
• Experience Windows & UNIX Operating Systems, ACAS / ESS, HBSS

Abilities:

• Ability to lead ISSOs and provide cybersecurity guidance to all CAOC-X stakeholders.
• Ability to lead cybersecurity teams and coordinate with technical and mission stakeholders.
• Ability to coordinate directly with the Authorizing Official (AO) and Security Control Assessor (SCA) to support assessments, evidence collection, and risk determinations.
• Ability to author, review, and redline cybersecurity and engineering documentation.
• Ability to evaluate technical designs, system changes, and architectural impacts from a cybersecurity perspective.

Security Clearance:

• Must possess an active Secret clearance with the ability to be upgraded to Top Secret/SCI.

Education:

• High School Diploma or GED with 12 years of experience; OR
• Master's or Ph.D. in Computer Science, Cybersecurity, or a related field with 5 years of experience.

Required Certifications:

• Must meet DoD 8140.03 certification requirements: CISM, CISSP, CISSP-ISSMP, FITSP-M, GCIA, GCIH, GICSP, or GSLC.

Experience:

• A minimum of 10 years of experience in a relevant cybersecurity field.
• Deep understanding of RMF, STIGs, and DoD cybersecurity policy.
• Knowledge of multi-classification environments (NIPRNET, SIPRNET, TS/SCI).
• Strong technical writing skills for SSPs, POA&Ms, and other RMF artifacts.
• Excellent communication, briefing, and time-management skills.

Benefits

• Covers 100% of employee benefit premiums, including Medical (PPO or HDHP Option), Vision, Dental

• Matching 401K
• Short- and Long-Term Disability
• Pet Insurance
• Professional Development/Education Reimbursement
• Parking and Transit Benefits for NY, NJ, ATL, and DC Metro areas

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.