
Information System Security Manager (ISSM), Public Sector

Scale AI, Inc.

Washington (District of Columbia)

On-site

USD 80,000 - 130,000

Full time

7 days ago

Job summary

Join a forward-thinking company at the forefront of machine learning technology! This role offers the chance to lead security compliance projects and audits, ensuring the highest standards for public sector products. You'll collaborate with diverse teams to implement essential security measures and maintain compliance with stringent government regulations. If you're a problem-solver with a passion for security and compliance, this is an exciting opportunity to make a significant impact in a dynamic environment. Don't miss your chance to be part of a creative and solutions-oriented team that values curiosity and innovation.

Qualifications

  • Active US Top Secret security clearance with IAT Level 2 certification required.
  • Over 5 years of experience in security compliance or technology audits.

Responsibilities

  • Lead public sector security compliance projects and audits.
  • Collaborate with teams to implement security controls.
  • Conduct vulnerability scans and manage remediation.

Skills

Security Compliance
Risk Management Framework (RMF)
NIST 800-53
FedRAMP
Project Management
Cybersecurity Controls
Communication Skills

Education

Bachelor's degree in Accounting, Information Systems, Computer Science, or a related field

Tools

eMASS
Xacta

Job description

Our Security team works on operational issues at the leading edge of machine learning technology. You will join a creative and solutions-oriented team collaborating with internal teams at Scale and externally with our customers. Scale is looking for an experienced security and compliance professional to support Assessment and Authorization (A&A) and agency audit activities for Scale's products offered in the US Government and global public sector space. We are seeking relentlessly curious, open-minded, and action-oriented generalists who can design effective legal guidance, internal policies, and operational processes while employing an empathetic interpersonal style. If you enjoy solving novel and challenging problems and building strong teams and relationships, we'd love to hear from you!


You will:

  • Lead public sector security compliance projects and audits (FedRAMP High, DoD Cloud Computing SRG IL4/IL5/IL6, NIST SP 800-53 Rev. 5, NIST SP 800-171/CMMC, Risk Management Framework (RMF)).

  • Collaborate with product, engineering, security, operations, people operations, and legal teams to implement new technical, administrative, and operational controls.

  • Work with 3PAOs and federal government AOs to achieve compliance certifications and reports.

  • Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures.

  • Serve as a liaison between system owners and security personnel to ensure effective implementation and maintenance of security controls throughout project lifecycles.

  • Develop, review, and update system security documentation regularly.

  • Conduct vulnerability scans and develop Plans of Action and Milestones (POA&Ms) for reported findings, managing the associated risk and tracking remediation to closure.

  • Coordinate with system owners for corrective actions and monitor security controls to maintain ATO status.

  • Upload security control evidence to GRC tools like eMASS or Xacta to support ongoing security monitoring.

  • Lead RMF Assessment and Authorization (A&A) processes for new and existing deployments.

  • Perform cloud system risk assessments, improve workflows, and develop new processes.

  • Apply DISA Security Technical Implementation Guides (STIGs), including manual checks that cannot be automated, and vendor hardening guides, and ensure patches are applied within required timelines.

  • Create and maintain ATO packages.

  • Lead security compliance reviews for new products, features, and changes.

  • Advise the business on emerging certification programs, requirements, and technologies.

  • Develop and deliver security awareness training for employees and contractors.

Required:

Active US Top Secret security clearance with at least an IAT Level II certification (Security+, CASP+, or equivalent).


Ideally you'd have:

  • Experience with frameworks and standards such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and RMF.

  • Knowledge of STIG/RMF policies, compliance validation with ACAS (the DoD's Assured Compliance Assessment Solution), and relevant testing procedures.

  • Project management experience from conception to launch.

  • Ability to translate technical and business risks and communicate effectively with leadership.

  • Excellent organizational and communication skills.

  • Understanding of cybersecurity controls for cloud providers, especially AWS and other government-approved clouds.

  • Over 5 years of experience in security compliance or technology audits.

Nice-to-haves:

  • Bachelor's degree in accounting, information systems, computer science, or related fields.