
Information System Security Manager (ISSM)

Apavo Corporation
Location: Springfield, VA, USA
Published: 6/14/2022
Technology
Full Time

Job Description


Job Title: Information System Security Manager (ISSM)

Location: Northern Virginia

Department: Cyber Security Services

Reports To: Management

FLSA Status: Full Time/Non-exempt


Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to work-life balance and to fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.


Job Purpose:

The Information System Security Manager (ISSM) is responsible for leading and overseeing the cybersecurity posture of assigned systems in alignment with DoD and federal requirements. The ISSM will manage the Risk Management Framework (RMF) process, ensuring systems achieve and maintain authorization while meeting all applicable cybersecurity regulations and standards. This includes developing and maintaining security documentation, coordinating with Authorizing Officials (AOs) and Authorizing Official Designated Representatives (AODRs), and providing direct oversight to Information System Security Officers (ISSOs) and system owners.


As a senior member of the cybersecurity team, the ISSM will drive compliance, implement security policies and procedures, and act as the primary liaison for security-related matters with government stakeholders and senior leadership. The ISSM plays a critical role in balancing mission objectives with risk management, ensuring that security controls are effectively integrated into all stages of system development and operations.


Duties & Responsibilities:

ISSM responsibilities include, but are not limited to:

  • Develop and maintain Risk Management Framework (RMF) documentation and reports to achieve and maintain compliance with cybersecurity regulations, and optimize the current process to streamline approvals with the Program Information Security System Manager (P-ISSM), Authorizing Official (AO) and Authorizing Official Designated Representatives (AODR) across the AMC Enterprise Mission Assurance Support System (eMASS) portfolio for HQ and Enterprise records.
  • Work in all steps of the RMF process with system owners, ISSOs and ISSMs, and validate that adequate security controls are in place to enable sound risk management decisions by the AO.
  • Coordinate with the Government in obtaining security authorization for updated systems and emerging requirements.
  • Develop, implement, and maintain security policies, procedures, and documentation to ensure compliance with DoD security standards and regulations (e.g., NIST, RMF, FISMA).
  • Achieve and maintain compliance with cybersecurity regulations, and optimize the current process to streamline approvals.
  • Support developing a Privacy Program Plan to streamline privacy risk assessments around system vulnerabilities, threat assessments, and operational mission impacts.
  • Support development of the command cybersecurity program to include reviews of external policies, guidance, Standard Operating Procedures (SOPs), and regulations from the Department of Defense (DoD), Department of the Army, National Institute of Standards and Technology (NIST), etc.
  • Develop internal plans, policies, and SOPs to execute the command program with a policy development process.
  • Provide Communication Security governance and compliance reporting based on Orders and directives from higher headquarters to maintain security of encapsulation and encryption devices. Develop a knowledge management plan to capture data and provide business intelligence and data analysis related to all functions.
  • Provide exercise support to validate the security of systems accredited by the Authorizing Official and/or Privacy Official.
  • Develop additional technical and managerial cybersecurity training plans, guides and materials to enable workforce knowledge and compliance.
  • Interact with clients and interface with senior management and the Government.
  • Coordinate with cross-functional teams (engineering, IT, operations) to implement and enforce security protocols and best practices.
  • Ensure the accreditation process for DoD systems (e.g., RMF accreditation) is completed and maintained in compliance with all applicable requirements.
  • Act as the primary point of contact for security-related issues, coordinating incident response and reporting to senior management and government customers.
  • Stay current with emerging cybersecurity threats, vulnerabilities, and trends to ensure the program adapts to evolving security challenges.
  • May supervise others.

The ISSM is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies.

Requirements:

Qualifications

  • Bachelor's degree in Computer Science or a related technical discipline.
  • Master's degree preferred.
  • Minimum 8-10 years of experience with 5 years in a leadership role.
  • Must currently possess an active TS/SCI with the ability to obtain and maintain a CI polygraph.
  • Effective communication skills to collaborate with cross-functional teams and stakeholders on implementing security measures organization-wide.
  • Proven leadership skills including working in a team environment, fostering communication, listening to teammate concerns and reconciling internal issues or differences.
  • Proven ability to solicit and process complex information and data to solve complex problems and make sound decisions.
  • Ability to work effectively in a team environment to encourage collaboration, innovation, and continuous improvement.
  • Strong analytical skills for identifying system vulnerabilities and documenting control implementation narratives.
  • Knowledge of system artifact requirements in support of a System Security Plan.
  • Familiarity with AWS and Cloud Service Provider requirements for development of System Impact Analysis and Documented Risk Acceptance.
  • Jira and Agile SAFe experience or ability to learn is required.
  • Detail-oriented with the ability to manage multiple tasks and prioritize effectively.
  • IAM III preferred.
  • Comprehensive knowledge of RMF activities, with the ability to articulate them to executive audiences, preferred.
  • Familiarity with Federal, NIST, DoD and IC security policies.
  • Familiarity with federal regulatory requirements, contractual obligations, and industry standards related to information security. Evaluate adherence to standards such as Privacy, GDPR, and HIPAA.

Other:

This is typical office or administrative work, and there is no exposure to adverse environmental conditions.

This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination with regard to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity, or any other characteristic protected under federal, state, and/or local laws.

Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at hr@apavo.com or 571-407-0069.

Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship, at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.
