Position: Information System Security Manager — ISSM
Location: Remote, Onsite in SD or OH to be determined
Clearance: Active Secret required
Recommended Level: Senior ISSM / Cybersecurity Program Manager
Reports To: Program Manager / AO or AODR support chain
Position Summary
The ISSM will serve as the senior cybersecurity authority for assigned Air Force Financial Management systems and will provide cybersecurity program oversight, RMF governance, ISSO supervision, artifact quality control, ATO decision support, vulnerability/risk management oversight, and stakeholder coordination. The SOW states that the ISSM provides quality control, oversight, and approval for ISSO work products, while supporting FM AO decision packages, risk-informed authorization decisions, eMASS/ITIPS artifacts, vulnerability trends, and leadership briefings.
Key Duties
The ISSM will:
Cybersecurity Program Management
- Serve as the primary cybersecurity advisor to the AO/AODR for assigned systems.
- Establish, manage, and enforce cybersecurity policies, standards, procedures, and RMF execution practices.
- Ensure cybersecurity requirements are integrated across the full system lifecycle.
RMF Oversight / ATO Support
- Oversee RMF execution for assigned systems.
- Ensure proper system categorization under CNSSI 1253 and FIPS 199.
- Review and approve SSPs, SAR/RAR, RARS, POA&Ms, control evidence, continuous monitoring plans, and authorization packages.
- Prepare or review AO staffing packages for ATO, ATO with Conditions, Denial, or risk acceptance decisions.
ISSO Oversight
- Appoint, train, mentor, and oversee ISSOs.
- Review ISSO-submitted artifacts, self-assessments, evidence, POA&M updates, and security documentation.
- Hold ISSOs accountable for system-level day-to-day cybersecurity posture.
Security Control / Vulnerability Management
- Ensure controls are implemented, assessed, monitored, and operating effectively.
- Oversee STIG compliance, IAVA/IAVB/IAVT tracking, vulnerability remediation, and risk-based mitigation planning.
- Coordinate with the SCA during assessments.
Configuration / Change Management
- Enforce secure configuration management across assigned systems.
- Approve significant hardware, software, firmware, architecture, or boundary changes.
- Ensure security impact analyses are documented before changes are implemented.
Incident Response / Reporting
- Establish and maintain incident response procedures.
- Ensure incidents are identified, reported, contained, remediated, and documented.
- Coordinate with Wing Cybersecurity Office, AFCYBER, law enforcement, counterintelligence, and leadership as needed.
SCRM / Acquisition Support
- Identify and mitigate supply chain risks for hardware/software.
- Coordinate with PMs and contracting officials on cybersecurity requirements for acquisitions.
Leadership Reporting
- Brief FM leadership on risk posture, vulnerability trends, POA&M status, ATO readiness, and remediation progress.
- Participate in governance forums, inspections, audits, program reviews, and authorization boards.
Required Knowledge / Systems
- RMF, DoDI 8510.01, DoDI 8500.01, DoD 8140.03, AFI 17-101, NIST SP 800-53, CNSSI 1253, FIPS 199.
- eMASS and ITIPS at reviewer/approver level.
- SSP, SAR/RAR, RARS, POA&M, ATO, continuous monitoring, control inheritance, risk acceptance.
- DISA STIGs/SRGs, ACAS/Nessus, SCAP, HBSS/ESS, vulnerability management.
- Air Force cyber reporting channels, Wing Cybersecurity Office coordination, AFCYBER reporting awareness.
- Strong leadership, audit readiness, briefing, technical writing, and cross-functional coordination skills.
Education / Experience
- Bachelor’s degree in cybersecurity, computer science, information systems, engineering, or related field preferred.
- 7–10+ years of cybersecurity, RMF, IA, ISSM, ISSO, or DoD system security experience.
- 3+ years managing or overseeing ISSOs, RMF packages, ATOs, or cybersecurity compliance programs.
- Air Force, DoD FM, ERP, financial system, or enterprise mission system experience strongly preferred.
Certifications
Recommended minimum:
- CISSP, CISM, CGRC/CAP, CASP+/SecurityX, GSLC, or equivalent DoD 8140-aligned senior cybersecurity certification.
Preferred:
- CISSP-ISSMP, CISM, CGRC, PMP, CCSP, GSLC, or advanced RMF/DoD cybersecurity training.
DoD 8140.03 now governs cyberspace workforce qualification, replacing the older 8570 framework for role-based qualification alignment.
“We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.”
www.p3scorp.com
Pay: $90,000.00 - $150,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Retirement plan
- Vision insurance
Experience:
- Managing ISSOs: 3 years (Preferred)
- Managing RMF packages and ATOs: 3 years (Preferred)
- Cybersecurity, RMF, IA and DoD systems: 7 years (Preferred)
License/Certification:
- CISSP, CISM, CGRC/CAP, CASP+/SecurityX, GSLC (Preferred)
Location:
- Ellsworth AFB, SD 57706 (Preferred)
Security clearance:
Work Location: Hybrid remote in Ellsworth AFB, SD 57706