June 22, 2026For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above. will assist with tracking, documenting, and remediating vulnerabilities identified by the customer’s Cyber Security division and direct remediation efforts for system administrator staff, provide status updates to government and program leadership, and update relevant RMF packages as required.
li>Escalates high-risk vendor scenarios to senior leadership with well-documented context and recommended actions (e.g., significant control gaps identified during assessment, vendors handling sensitive data without required safeguards, or unresolved critical findings nearing go-live timelines). Candidate will also assist in managing relationship with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets.
Herndon, Virginia30+ days ago
ul>Oversee cybersecurity posture for multiple systems or an enterprise segment as the ISSM, directing ISSOs and technical teams in implementing RMF, FISMA, and DoD/Army policies. Review and approve ISS documents, system security plans (SSPs), POA&Ms, incident response plans (IRPs), and compliance reports; brief leadership on risk, accreditation timelines, and inspection readiness.
Washington, DC30+ days ago
The Opportunity: The Senior Information System Security Manager (ISSM) shall provide leadership and oversight for designated Information System Security Officers (ISSOs) and other cybersecurity personnel to support customer systems throughout the Risk Management Framework (RMF) lifecycle. Oversee execution of the NIST Risk Management Framework (RMF) for assigned systems (categorize, select, implement, assess, authorize, and monitor controls), ensuring artifacts and activities for each RMF step are planned, documented, and kept current.
If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EYs Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com. From strategy to execution, the Government & Public Sector practice of Ernst & Young provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes.
Washington, District of Columbia30+ days ago
li>5+ years of demonstrated experience leading efforts for systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems. TDI is seeking an Information Systems Security Manager (ISSM) to provide expertise needed to align and help mature the organization and technology-specific risk management plans and processes, through the implementation of the Risk Management Framework (RMF).
Rockville, MD30+ days ago
Our teams support the federal government's most critical national security and defense priorities, helping protect the nation, strengthen resilience, and advance the technologies and capabilities that keep America secure. Position Description:
Ardent is seeking an Information Security Program Manager to lead overall contract performance in support of federal cybersecurity operations, with a strong emphasis on quality assurance and program governance.
p>Position Overview The role is responsible for administering the Banks Identity and Access Management (IAM) platform and managing key security technologies including Data Loss Prevention (DLP), antivirus/anti malware, Endpoint Detection & Response (EDR), and Network Access Control (NAC). The position ensures secure access, strong endpoint protection, and compliance with HKMA regulatory requirements while supporting daily operations and continuous improvement of the banks security posture.
p>Please be aware of recruiting scams-official communications will only come from @ccrenew.com, we will never request personal or financial information, and any suspicious activity should be reported to HR@ccrenew.com. Digital forensics & incident response: Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed.
Herndon, Virginia4 days ago
p/>The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The Boeing Company
Boeing Classified Cybersecurity is currently seeking a highly motivated Cybersecurity – Information System Security Manager (ISSM) to join the team in Herndon, VA.
HII - Mission Technologies is currently seeking a SME Information System Security Manager (ISSM) to work out of Fairfax, VA in support of the DoD/DoW Advana War Data Platform designed to aggregate operational, intelligence, logistics, and sensor data from multiple domains, enable Joint All-Domain Command and Control (JADC2) by providing a common data fabric, and support AI/ML applications for predictive analytics, targeting, and mission planning. • 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
Fairfax, Virginia4 days ago
p/>The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The Boeing Company
Boeing Classified Cybersecurity is currently seeking a Cybersecurity – Senior Information System Security Manager (ISSM) to join the team in Fairfax, VA.
ul>Oversee cybersecurity posture for multiple systems or an enterprise segment as the ISSM, directing ISSOs and technical teams in implementing RMF, FISMA, and DoD/Army policies. Review and approve ISS documents, system security plans (SSPs), POA&Ms, incident response plans (IRPs), and compliance reports; brief leadership on risk, accreditation timelines, and inspection readiness.
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. The ISSM will also play a key role in fostering a culture of security awareness across the organization and representing the organization in interactions with external stakeholders, including government agencies, auditors, and vendors.
p>HII - Mission Technologies is currently seeking a SME Information System Security Manager (ISSM) to work out of Fairfax, VA in support of the DoD/DoW Advana War Data Platform designed to aggregate operational, intelligence, logistics, and sensor data from multiple domains, enable Joint All-Domain Command and Control (JADC2) by providing a common data fabric, and support AI/ML applications for predictive analytics, targeting, and mission planning. Requirements:
• 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
Washington, OR22 days ago
In addition to managing internal security policies, this role will be the primary point of contact for client assessments and external audit engagements, ensuring all compliance obligations are met and supporting key security programs, including contingency planning, configuration management, security awareness, client assurance, and change management. The Director of Information Security & Compliance will develop and implement security policies and align organizational practices with industry frameworks such as ISO 27001, ISO 9001, SOC 1/2, Cyber Essentials, and FedRAMP to ensure continuous monitoring of security controls and incident response readiness.
p>The position combines security operations leadership, regulatory and compliance ownership, and security product responsibility, ensuring that both internal systems and customer‑facing products meet security, resilience, and vulnerability management expectations throughout their lifecycle. This role oversees daily security operations, manages compliance and governance activities, and owns the integration of security and regulatory requirements, including those introduced by the Cyber Resilience Act, into product development, lifecycle management, and operational processes.
Alexandria, VA25 days ago
p>The Opportunity: Join CACI as a Cybersecurity Analyst/Information Systems Security Manager supporting a Joint Interagency Task Force that reports to the Deputy Secretary of Defense, to better align authorities and resources to rapidly deliver Joint C-sUAS capabilities to America''s warfighters, defeat adversary threats, and promote sovereignty over national airspace.
Implement the Defense (DOD) Risk Management Framework (RMF) and assist the System Security Manager (ISSM) ensure successful implementation of associated security controls and reviews all RMF documentation packages, and system fielding, operations, or upgrade requirements.
This role owns the RMF lifecycle across classified systems, maintains ATO posture, and ensures the organization can move fast without compromising mission assurance. Join a dynamic and growing team at Game Plan Tech, dedicated to empowering public sector organizations with best-in-class AI and Google solutions.
Washington, DC30+ days ago
This role requires comprehensive knowledge of federal cybersecurity frameworks and leads major cybersecurity compliance, authorization, and risk management activities for information systems. The Information Systems Security Manager will oversee the cybersecurity posture of information systems and ensure compliance with federal regulations and security frameworks (e.g., NIST 800-181, RMF).
College Park, MD2 days ago
p>Organization''s Summary Statement: The Applied Research Laboratory for Intelligence & Security (ARLIS) at the University of Maryland is a University-Affiliated Research Center (UARC) dedicated to advancing research, innovation, and technology transition to improve decision making for U.S. national security.
The Applied Research Laboratory for Intelligence and Security (ARLIS) at the University of Maryland is seeking an IT systems Engineer who will also serve as an Information Systems Security Manager (ISSM) to support advanced research programs at the intersection of technology and national security.
p>The ideal candidate combines strong technical depth in security tooling with proven leadership experience, and demonstrates a commitment to automation, scalability and engineering-driven security operations. - 4-year bachelor's degree in computer science, a related field, or equivalent work experience required; graduate degree in Computer Science or a related field, preferred.
Alexandria, Virginia26 days ago
Join CACI as a Cybersecurity Analyst/Information Systems Security Manager supporting a Joint Interagency Task Force that reports to the Deputy Secretary of Defense, to better align authorities and resources to rapidly deliver Joint C-sUAS capabilities to America's warfighters, defeat adversary threats, and promote sovereignty over national airspace. Implement the Defense (DOD) Risk Management Framework (RMF) and assist the System Security Manager (ISSM) ensure successful implementation of associated security controls and reviews all RMF documentation packages, and system fielding, operations, or upgrade requirements.
Herndon, Virginia26 days ago
p style="margin:0px">The position combines security operations leadership, regulatory and compliance ownership, and security product responsibility, ensuring that both internal systems and customer‑facing products meet security, resilience, and vulnerability management expectations throughout their lifecycle. The Senior Manager, Information Security is a key leadership role responsible for overseeing the day‑to‑day execution of the company’s information security program while ensuring readiness for evolving global cybersecurity regulations, including the EU Cyber Resilience Act.
li>Evaluate, select, and implement security tools and technologies that enhance SecuriGence's security posture, drawing on your experience with a wide range of security tools and technologies (e.g., ACAS, AD, DNS, HBSS, ITSM, OCSP, OS Imaging, SCCM, SCOM, SIEM). Oversee 24/7 security operations, including continuous monitoring of networks, systems, and data for anomalies and potential threats, building on your experience managing security operations centers and monitoring critical network infrastructure.
McLean, Virginia12 days ago
div>Senior Manager, Information Security Office (AI) ConsultantAt Capital One, the AIML Division is working to bring the transformative power of emerging AI capabilities, to reimagine how we serve our customers and businesses.
Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate’s offer letter.
li>Coordinate and execute proactive Information Security consulting to the business and technology teams covering API Security, File Transfer, Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, Datalake Architecture, BI, and consumption tools, and User Access Management.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com.
Tysons Corner, VA30+ days ago
p>Information Security, Cybersecurity Engineering, Security Engineering, Security Tooling, Security Tools Integration, SIEM, EDR, Vulnerability Management (VM), Cloud Security, Security Orchestration and Automation (SOAR), Python, Scripting, Automation, Security Operations Engineering, Detection Engineering, Threat Detection, Security Platforms, Tool Integration, Systems Engineering, Network Security, Hybrid Cloud (On-Prem & AWS/Azure), AWS, Azure, OpenStack, Infrastructure Security, DNS Security, Enterprise Security, Security Architecture, DevSecOps, Continuous Improvement, KPIs, Metrics, Engineering Leadership, Team Leadership, People Management, Cross-Functional Collaboration, Stakeholder Management, Technical Leadership, Hands-On Leader, Reston VA, Northern Virginia. This role will lead a team of senior security engineers responsible for building, integrating, and operating enterprise security tooling across hybrid infrastructure environments.
Washington, DC30+ days ago
li>5+ years of demonstrated experience leading efforts for systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems. TDI is seeking an Information Systems Security Manager (ISSM) to provide expertise needed to align and help mature the organization and technology-specific risk management plans and processes, through the implementation of the Risk Management Framework (RMF).
li>Knowledge of the principles, methods, and practices for integrating information network and system components sufficient to plan, coordinate, and administer computer network and systems, and optimize network and system performance; and knowledge of performance tuning tools, database management, and project management methods sufficient to optimize network and systems performance, troubleshoot database performance problems, and perform a wide range of network and hardware functions.
Knowledge of Local Area Network security requirements and techniques for protecting computer systems from viruses, data tampering, and unauthorized system entry; and know ledge of a full range of IT security principles, concepts, practices, products and services, and methods for evaluating risk and vulnerability, implementing mitigating improvement, and disseminating IT security tools and procedures for all IT systems.
You'll use your understanding of cyber operations to apply emerging technologies, uncover system and network vulnerabilities, and collect and maintain data needed to meet system cybersecurity reporting, as well as ensure that security improvement actions are evaluated, validated, and implemented as required. Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements.
ul>Assist the Special Programs ISSM in providing technical planning, expertise, oversight and daily administration of security actions for classified information systems ranging in a wide degree of complexity, and works directly with information system sponsors and sponsor ISSMs to meet Federal requirements under the Risk Management Framework (RMF) and to maintain system authorizations. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Springfield, Virginia30+ days ago
Qualifications: Required:
- Bachelor degree or higher from an accredited college or university (Recommend an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.).
- Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports,
- Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
Falls Church, Virginia10 days ago
ISSMs are responsible for overall security program management for assigned systems, including developing and maintaining System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.
Fort Belvoir, VA30+ days ago
These documents must provide acceptable information to verify: Residency within the commuting area of your sponsors permanent duty station (PDS); proof of marriage to the active duty sponsor; proof of military members active duty status; and other documentation required by the vacancy announcement to which you are applying. To be eligible as a RGP, you must submit the following supporting documents with your application package: a signed Retained Grade PPP Self-Certification Checklist (DD3145-1 (whs.mil)); a copy of your Notification of Personnel Action (SF-50) effecting the placement in retained grade status; or a copy of the notification letter you received regarding the RIF or classification downgrade.
p>CIBC's Technology Infrastructure and Innovation (TI&I) business spans Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Risk & Governance. You are an experienced risk leader with a minimum of 10 years of progressive experience in technology risk management, cybersecurity, or controls implementation within a large, complex financial institution (GSIB experience preferred).
p>Minimum Requirements (Knowledge, Skills, and Abilities): - Minimum of 7 years of experience collectively with the following:
- Proven work experience as an Information Systems Security Officer or a similar role, preferably in a complex organizational setting. The entire section leverages agile and works to provide enhanced reporting and global searching capabilities to facilitate task management, cross-utilization, and address national intelligence priorities while protecting confidential data and sources.
The entire section leverages agile and works to provide enhanced reporting and global searching capabilities to facilitate task management, cross-utilization, and address national intelligence priorities while protecting confidential data and sources. As appropriate, each employee is responsible for completing all training requirements and fulfilling all self-aid/buddy aid responsibilities, participating in emergency response tasks and serving on safety committees and teams.
p>Shift 1st shift United States of America Hours Per Week 40 Learn more about this role View transcript Close transcript Music in background throughout On screen copy Bank of America logo Technology Architect Technology Architect At Bank of America, I help shape the technology strategy that powers our global business. Information Security Architect - AI & Cloud Security is a senior member of the BISO Secure Solutions Design team responsible for defining secure architecture patterns, assessing emerging AIML solutions, and ensuring alignment with Global Information Security (GIS) policies and enterprise architecture strategies.
Reston, Virginia30+ days ago
Recognized for the ability to translate technical security gaps into clear, executive-level narratives that facilitate informed risk-management decisions.
JOB DUTIES AND RESPONSIBILITIES
The ISSO Lead must also have extensive experience with security authorization processes, such as Authorization/Certification & Accreditation (A&A) and Authorization to Operate (ATO), along with the ability to develop associated documentation.
About Agile Defense
At Agile Defense we know that action defines the outcome and new challenges require new solutions.
There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, education and certifications as well as contract provisions regarding labor categories that are specific to the position and could fall outside of this range. National Resilience – supporting agencies such as Federal Deposit Insurance Corporation (FDIC), Treasury, Health & Human Services (HHS), National Institutes of Health (NIH), National Oceanic and Atmospheric Administration (NOAA) and the United States Department of Agriculture (USDA).
Gaithersburg, MD16 days ago
The ISSO is responsible for meeting regulatory and non-regulatory compliance (security best practices) demands, providing leadership over security assessment activities, working across system ownership and management organizations to test security controls, policies, and procedures, providing program management support, team leadership, and participating in and coordinating the support as needed for security assessment and activities The ISSO also manages and enforces government and corporate information security policies, provides training, and educates end users and program staff about proper security practices. The ISSO conducts security and risk assessments as required using a range of security accreditation frameworks (e.g., NIST, RMF, Common Criteria, DoD, the Intelligence Community Directives (ICDs)), and works to mitigate risks by applying security controls effectively to achieve an acceptable degree of operational risk.
Washington Dc, District of Columbia16 days ago
Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating POA&Ms within 0 to 15 days after vulnerability identification, and updating System Security Plans, Configuration Management Plans, and Contingency Plans annually or when changes occur. This position requires following the Information Systems Security Officer (ISSO) Guide when developing, updating, or reviewing required security artifacts and tracking and suggesting technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
Washington Dc, District of Columbia16 days ago
The Senior ISSO will ensure proper access controls are implemented for both system access and physical access to data processing facilities, track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption. Critical deliverables include preparing Security Test Plans 90 days prior to testing and Security Test Reports within 15 days after testing, generating Risk Assessment Reports within 0 to 15 days after analysis completion, and producing Weekly Activity Reports and Monthly Program Reports to track progress and compliance.
It's a better process: facilitating a continuous ATO through real-time monitoring and dashboards that provide single pane of glass visibility into control compliance, zero-trust built-in to system design from day one, continuous evidence that gives auditors real-time proof instead of point-in-time packages, and an ATO that program teams can inherit rather than pursue. You take pride in delivering high-quality work with minimal oversight, exercising sound judgment, and serving as a trusted cybersecurity advisor to both technical teams and leadership.
Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.