Information Systems Security Manager (ISSM)

The Information System Security Manager (ISSM) is responsible for the overall security posture of information systems within the SCIF and other secured environments. The ISSM ensures compliance with federal regulations, security policies, and accreditation requirements to safeguard classified information. This role requires strong technical expertise, a proactive mindset, and a commitment to maintaining the confidentiality, integrity, and availability of information systems. The individual will lead a small classified systems compliance team. This role is hybrid, based out of Herndon, and supports multiple facilities in the DMV area (Herndon, Manassas, and Washington D.C.).

• System Security Management:
  • Oversee the implementation and management of system security measures in compliance with National Industrial Security Program Operating Manual (NISPOM), Risk Management Framework (RMF), Intelligence Community Directives (ICDs), and other applicable regulations.
  • Maintain the security posture of classified systems by ensuring compliance with Assessment and Authorization (A&A) requirements.
• Risk Assessment and Mitigation:
  • Conduct regular risk assessments, vulnerability scans, and security audits to identify and mitigate potential threats.
  • Develop, implement, and manage security policies and procedures to address identified risks.
• Monitoring and Incident Response:
  • Monitor system activity and respond to potential security incidents.
  • Investigate and document security incidents and implement corrective actions to prevent recurrence.
• Documentation and Reporting:
  • Prepare and maintain security documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&M), and risk assessments.
  • Submit reports on system security status to senior leadership and government security officials as required.
• Compliance and Training:
  • Ensure all personnel accessing SCIF systems complete required security training.
  • Conduct periodic security briefings and ensure adherence to access control policies assist with training VTG staff across the organization.
• Leadership
  • Provide oversight and mentor team of ISSMs and ISSOs ensuring compliance of multiple networks.
• Collaboration:
  • Work closely with other VTG staff to ensure coordinated efforts in maintaining security compliance.
  • Coordinate with external auditors and government representatives for security inspections, audits, and authorization of systems.

Required:

• Bachelor’s degree in information systems, Cybersecurity, or a related field (or equivalent experience).
• Minimum of 8 years of experience in information system security in classified environments.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication abilities.
• Ability to work independently and in a team environment.
• Experience with implementing and managing classified information systems in a SCIF environment.
• DoD 8570.01-M IAM Level III certification, such as CISM, CISSP, or CCISO
• Top Secret/SCI with Poly

Desired:

• Proficiency in tools such as eMASS, ACAS, Splunk, or similar platforms.
• In-depth knowledge of RMF, NISPOM, ICD 503, and other relevant guidelines.
• Prior experience leading a team.