(704) Cybersecurity Information System Security Manager (ISSM)
Arlo Solutions · Orlando, FL · Yesterday
Information TechnologyFull-time
Responsibilities
- Serve as the Information System Security Manager (ISSM) for 3–7 assigned Army Information Systems.
- Lead all phases of the DoD Risk Management Framework (RMF) lifecycle in accordance with NETCOM RMF guidance.
- Develop, maintain, and manage Authorization Packages, including SSPs, POA&Ms, Security Categorization, Continuous Monitoring documentation, and supporting Body of Evidence.
- Cybersecurity risk assessments and recommend mitigation strategies supporting Authorizing Official (AO) risk decisions.
- Coordinate Security Control Assessments (SCA) and remediation of assessment findings.
- Manage Continuous Monitoring (ConMon) activities, vulnerability management, STIG compliance, ACAS review, and cybersecurity reporting.
- Review system architecture, authorization boundaries, network diagrams, data flows, and system changes to ensure continued compliance.
- Prepare and brief cybersecurity status, risks, and authorization recommendations to senior Government stakeholders.
- Support implementation of Zero Trust Architecture (ZTA), cloud security, and secure system engineering principles where applicable.
Requirements
- Active Top Secret Security Clearance (SCI eligibility preferred)
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field (or equivalent experience)
- Minimum 8 years supporting DoD cybersecurity program
- Minimum 5 years supporting DoD RMF and Assessment & Authorization activities
- Experience supporting U.S. Army or other DoD cybersecurity programs
- Experience managing multiple RMF authorization packages simultaneously
- Excellent written, verbal, and presentation skills
Qualifications
- Required Knowledge & Experience
- Department of Defense Risk Management Framework (RMF)
- U.S. Army RMF implementation
- NETCOM RMF Business Rules and authorization processes
- Continuous Monitoring (ConMon)
- Vulnerability Management
- Security Control implementation
- Security Assessments and Authorization (A&A)
- System Security Plans (SSP)
- POA&M management
- Security documentation development
- Cybersecurity governance and compliance
- eMASS, Xacta, or equivalent GRC tools
- Microsoft Windows, Linux, virtualization, and enterprise networking
- Cloud environments supporting FedRAMP and DoD Cloud SRG (preferred)