Lead Information System Security Manager (ISSM)

Tyto Athene, LLC

Arlington (VA)

On-site

USD 125,000 - 150,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Lead Information System Security Manager to join their team in Arlington, VA. This pivotal role involves leading a team to ensure robust cybersecurity measures are in place, managing compliance with NIST standards, and coordinating vulnerability management efforts. The ideal candidate will have extensive experience in cybersecurity, a strong understanding of risk management frameworks, and excellent communication skills. This position offers an exciting opportunity to make a significant impact in a collaborative environment, where your expertise will help safeguard critical information systems against evolving cyber threats.

Qualifications

  • 12 years of relevant experience in cybersecurity management.
  • Strong understanding of NIST special publications and security principles.

Responsibilities

  • Oversee information system security lifecycle and compliance activities.
  • Develop and maintain Security Authorization documentation and SOPs.

Skills

Cybersecurity Management
Risk Management Framework (RMF)
NIST 800-53 Rev4/Rev5
Communication Skills
Vulnerability Management

Education

Bachelor’s degree in Computer Science
Bachelor’s degree in Information Technology

Tools

eMASS
Xacta
Azure
AWS

Job description

Tyto Athene, LLC is looking for a Lead Information System Security Manager (ISSM) in Arlington, VA. This role supports a customer in Arlington, VA, and involves daily tasks including system compliance validation, vulnerability management response coordination, data transfer, ongoing audit review, and general support for continuous monitoring activities. The ISSM will oversee a team of information system security officers and implement robust cybersecurity measures to proactively identify and mitigate cyber threats. This role requires a strong appetite for learning, attention to detail, the ability to meet tight deadlines, and great organizational skills in a collaborative environment.

Responsibilities:

  • Ensure that information system security requirements are addressed during all phases of the information system security lifecycle.
  • Assist with the creation of operational Operations and Maintenance (O&M) checklists and build Tactics, Techniques, and Processes (TTPs) and Standard Operating Processes (SOPs).
  • Develop and continuously update all Security Authorization documentation as required by the customer and applicable Risk Management Framework (RMF) packages.
  • Assist ISSM/ISSO/ISSE with the integration/development of new techniques to improve Confidentiality, Integrity, and Availability for networks/systems.
  • Ensure that security improvement actions are evaluated, validated, and implemented.
  • Assure successful implementation and functionality of security requirements and IT policies consistent with the organization's mission and goals.
  • Identify IT security program implications of new technologies or upgrades.
  • Participate in information security risk assessments during the Security Assessment and Authorization process.
  • Prepare, distribute, and maintain plans, instructions, guidance, and SOPs concerning the security of network systems operations.
  • Recognize possible security violations and take appropriate action to report incidents.
  • Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
  • Support the development of policy standards and implementation strategies to ensure compliance with cybersecurity policies.
  • Perform self-sustaining work with little to no oversight.
  • Assist in analyzing technical risks of emerging cybersecurity tools and processes.

Required:

  • Bachelor’s degree in Computer Science, Information Technology, or related field
  • 12 years of relevant experience
  • Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/Rev5, NSM 8, and working with System Owners (SO)
  • Familiarity with information system security principles of NIST 800-171
  • In-depth knowledge of NIST special publications, CNSS policies, and instructions
  • Ability to review, analyze, and interpret technical procedures against customer security requirements
  • Strong communication skills, both written and verbal

Desired:

  • Understanding of and experience with eMASS or Xacta is a plus
  • FedRAMP process & Cloud environments (Azure, AWS) experience preferred
  • Certified Information Security Manager (CISM) (optional but highly recommended)

Clearance: Active TS/SCI clearance required

Certification: DoD 8570 IAM/IAT Level II certification. DoD Directive 8570.01-M for Information Assurance Technician Level III within 6 months of the date of hire.

Location: This is an on-site role with expectations of being on the client site in Arlington, VA five days a week.
