Information Systems Security Manager (ISSM)

MAG is currently looking for an Information Systems Security Manager (ISSM) to provide a variety of services leveraging the Risk Management Framework (RMF) accreditation. Services are associated with validation, approval, and sustainment of cybersecurity accreditation packages. Performs and analyze a range of Information Security Systems Manager (ISSO) activities and assist with the development and implementation of security policies in Fort Bragg, NC.

Duties include, but not limited to:

• Leads the development, implementation, and sustainment of the organization’s cybersecurity program in accordance with NIST SP 800-53, and RMF guidance.
• Oversees continuous monitoring, vulnerability management, and cybersecurity inspections.
• Coordinates with Command leadership CIO/CDAO/CISO offices, and external stakeholders to ensure alignment with enterprise cybersecurity strategy.
• Manages cybersecurity workforce roles in accordance with DoD 8140/8570 requirements.
• Supervise ISSOs and contractors, provides technical direction. Ensures consistent implementation of cybersecurity policies, RMF requirements, and security controls across all supported systems.
• Serves as Deputy RMF Supervisor for all assigned information systems.
• Oversees system categorization, control selection, implementation, assessments, and authorization package development.
• Ensures timely submission and maintenance of system Security Plans (SSPs) POA&Ms, Security Assessment Reports (SARs), and other RMF artifacts.
• Coordinates with the Authorizing Official (AO), Security Control Assessor (SCA), and system owners to achieve and maintain Authorization to Operate (ATO).
• Ensures continuous monitoring activities are executed and documented.
• Oversees vulnerability scanning, STIG compliance, patch management, and security tool deployment (e.g., ACAS, HBSS/ESS, EDR).
• Provides cybersecurity training, awareness, and guidance to system owners, administrators and users
• Prepares for and supports cybersecurity inspections, audits, and readiness assessments (e.g., CORA, IG and JCIP inspections).
• Represents the organization at cybersecurity working groups, technical exchanges and governance boards.
• Supervise ISSOs and contractors, provides technical direction. Ensures consistent implementation of cybersecurity policies, RMF requirements, and security controls across all supported systems.

Minimum Requirements

Knowledge and Skills

The required skills and knowledge include:

• US Citizenship and Possess an Active TS/SCI Clearance. 
• In compliance with DoD Cyber Workforce 8570.01  
• Experience applying abstract security requirements, including NIST 800-53 version 5 controls to information systems.
• Experience in an advisory environment and communicating technical subjects to clients.
• Knowledge of supporting the development or modification of System Security Plans, security requirements, and supporting documentation for the Assessment and Authorization process.
• Ability to ensure all products and administrative documentation is completed and maintained, including continuity and historical reference, and design, develop, and implement network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Mentor junior ISSOs, system administrators, and mission partners on RMF processes and best practices.
• Support cyber assessments, inspections, red/blue team activities, and incident response planning.
• Must meet position and certification requirements outlined in DoD Directive 8570.01 / 8140 for Information Assurance Management Level 2 or 3 (IAM Level II / III). 

The minimum years of related experience required: 

• 5+ years of experience leading and implementing the Assessment and Authorization process under Risk Management Framework for new and existing information systems.
• 4+ years of experience reviewing assessment reports and assisting projects in identifying security risks, including technical and non-technical, and developing effective mitigation strategies, including Plan of Action and Milestones.

Education

• The minimum level of education required is: BS in Computer Science or Information Technology (or equivalent experience)

Desired Requirements

The desired skills, knowledge, and education include:

• Familiar with DIA assessments and accreditation documentation within the XACTA management platform. 
• Familiar with eMASS - ENTERPRISE MISSION ASSURANCE SUPPORT SERVICES platform.
• Conduct audits to identify how well controls are delivered/supported and potential opportunites for improvement with stakeholders.
• Provide reports, briefs, and POAM creation for findings.
• Ability to read, review, and consolidate ACAS scans, DISA STIGS, and Information Assurance Vulnerability Management (IAVM) results. 
• Excellent interpersonal skills, including the ability to work on multi-functional teams 
• Display detailed knowledge and understanding of multiple technology infrastructures. 
• Ability to serve as a principal advisor on all matters, technical and otherwise, involving the security of an IS.  
• Exhibit individual initiative to influence events and achieve goals. Be proactive and a self-starter, going beyond specific job responsibilities to ensure goals and achieved or exceeded. 
• Travel as necessary for customer projects, technology expositions, and corporate meetings. 

Other Qualifications

• Outside of the above, other certifications, licenses, or clearances include: None 
• Physical requirements for the job include the ability to work in an office and lab environment.