Information Systems Security Manager

Position Title: Information Systems Security Manager

Location: Remote

Division: Command Cyber Solutions

Position Summary

Command Cyber Solutions is seeking a highly experienced Information Systems Security Manager (ISSM) Senior to lead cybersecurity compliance and risk management initiatives in support of federal information systems. The ISSM will serve as the senior authority on system security planning, policy development, and RMF implementation across the project lifecycle. This role is responsible for ensuring compliance with FISMA, NIST SP 800-53 Rev. 5, NIST SP 800-207 (Zero Trust), and Department of the Treasury security requirements. The ISSM will coordinate with program stakeholders, engineers, and policy teams to establish secure system architectures, manage Authority to Operate (ATO) processes, and oversee security assessment activities. The ideal candidate will have demonstrated success in designing and operationalizing cybersecurity policies, managing vulnerability remediation efforts, and leading audit readiness and response efforts in complex, cloud-enabled federal environments.

Essential Duties & Responsibilities:

• Develop and maintain the System Security Plan (SSP) and all RMF documentation to support initial and ongoing ATOs.

• Lead the design, implementation, and enforcement of cybersecurity policies, standards, and controls in accordance with FISMA, NIST SP 800-53, and agency-specific guidelines.

• Analyze system architecture and business requirements to ensure alignment with security and compliance mandates, including Zero Trust Architecture (ZTA) principles.

• Collaborate with engineering and operations teams to assess risks, monitor threats, and sustain secure, reliable digital services.

• Manage security assessment tools and observability platforms (e.g., Splunk, Dynatrace) to identify, triage, and resolve vulnerabilities.

• Participate in security governance reviews, technical working groups, and control assessments across the development lifecycle.

• Provide guidance on Treasury and CSAM system of record documentation processes and updates.

• Support requirements analysis and validation from a security compliance perspective, ensuring traceability to system-level controls.

• Coordinate and track corrective actions, POA&Ms, and risk mitigation activities to maintain audit readiness.

• Serve as the primary point of contact for internal and external security audits, reviews, and incident response coordination.

Education, Certification & Experience Requirement:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related engineering or technical discipline

• 7+ years of experience as an ISSM, security analyst, or cybersecurity specialist

• US Citizenship with a Public Trust or the ability to obtain one.

Required Certification:

• CISSP (preferred) or ISAC Security professional certification.

Knowledge, Skills & Abilities:

• Deep understanding of RMF, FISMA, and NIST SP 800-53 Rev. 5 control families and implementation practices.

• Familiarity with emerging cybersecurity frameworks such as NIST SP 800-207 (ZTA) and post-quantum cryptography.

• Experience with security governance tools and systems of record, such as CSAM or eMASS.

• Proficiency with cloud-native security monitoring and observability platforms (e.g., Splunk, Nagios, Dynatrace).

• Strong analytical and problem-solving skills for identifying and remediating technical security risks.

• Excellent verbal and written communication skills to interface effectively with technical teams, leadership, and auditors.

• Ability to manage security policy lifecycles and coordinate documentation across cross-functional teams.

• High attention to detail and capacity to manage multiple concurrent security compliance tasks.

Working Conditions/Working Environment/Physical Demands

• This position will be performed virtually from the individual's home office working on EST time schedule.

• Hours of operation are M-F between 0800-1630.

• Occasionally, project requirements may require temporary adjustment of work hours/days.

• Duties are subject to change based on the needs of the customer.

Command Cyber Solutions, LLC is an equal opportunity employer. In order to provide equal employment opportunities for all applicants and advancement opportunities to all employees, employment decisions at Command Cyber Solutions, LLC will be based on merit, qualifications and abilities. Command Cyber Solutions, LLC does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, disability, marital status or any other characteristic protected by law.