Information System Security Manager (ISSM)
Role Summary:
The ISSM is responsible for developing, implementing, and managing the cybersecurity program for classified and unclassified systems, ensuring compliance with NIST, DOE/NNSA requirements, and RMF authorization processes.
Key Responsibilities:
- Create and maintain security authorization packages for unclassified, classified, and Industrial Control Systems.
- Implement the Risk Management Framework steps.
- Ensure continuous monitoring activities (scanning, auditing, incident response) are performed.
- Coordinate with the ISSO on activities related to cybersecurity operations.
- Develop, implement, and maintain cybersecurity policies, procedures, and security control baselines.
- Perform risk assessments and develop mitigation strategies.
- Perform supply chain risk management activities.
- Coordinate with the AODR for cybersecurity risks and mitigation activities.
- Ensure media protection, configuration control, access management, and change approval.
- Lead incident response for security violations or cyber events.
Required Qualifications:
- Active Q security clearance.
- Strong knowledge of RMF, NIST SP 800-53, 800-37, and 800-82.
- At least one of the following certifications: CISSP, CISM, CISA, CEH, and/or GIAC Security Management Certificate.
- Proven knowledge and experience in system architectures, network defenses, classified systems security features and requirements, Industrial Control System security features and requirements, Technical cybersecurity control requirements for unclassified, classified, and Industrial Control Systems, Cloud cybersecurity features and requirements in GCC High, and technical depth in network, system, and application security.
- 5+ years of experience in the role of an ISSM or an ISSO at a government facility which included: establishing, documenting, monitoring, and enforcing a cybersecurity program that included classified, unclassified, cloud computing, and industrial control systems.
- Must have the ability to assess and manage risk to evaluate security posture, identify gaps, and determine mitigations.
- 5+ years of experience in cybersecurity program management and governance.
- Experience with DOE policies and federal cybersecurity requirements.
- Prior experience in federal organizational security environments (DOE, NNSA, DCSA, NRC, other agencies) in an ISSO or ISSM role.
- Experience as Primary AO or AODR Liaison for Cybersecurity compliance, risk acceptance coordination, and security posture reporting.
- Prior experience creating no less than 5 accreditation packages for classified, unclassified, and industrial control system networks.
Pay: $93,083.08 - $150,100.05 per year
Benefits:
- Dental insurance
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Referral program
- Vision insurance
Security clearance:
Ability to Commute:
- Oak Ridge, TN 37830 (Required)
Work Location: In person