Role Description
The Information Systems Security Manager (ISSM) is responsible for the end-to-end cybersecurity posture of the KM Platform across all environments, classifications, and mission systems—current and future. This role leads the cybersecurity branch within Systems Engineering and directs a team of ISSEs/ISSOs to ensure security is not a compliance afterthought, but a continuously enforced, operational capability embedded into the platform.
The ISSM owns the integrity of the platform’s authorized boundary, ensuring that security remains consistent, scalable, and resilient as the platform evolves. This role establishes and enforces the security model that enables application teams to deliver rapidly and confidently by removing security as a source of variability, rework, or delay.
Responsibilities
- Lead and manage the cybersecurity function, providing direction, prioritization, and oversight for all ISSE/ISSO personnel supporting the platform.
- Own and maintain the platform’s cybersecurity posture across all environments (IL4, IL5, IL6, and classified), ensuring alignment with ATO requirements and mission needs.
- Establish and enforce a consistent security baseline that persists across applications, environments, and time, eliminating variability in how security is applied.
- Govern all changes to the platform through a structured security impact and configuration management process to preserve the integrity of the authorized boundary.
- Oversee continuous monitoring, vulnerability management, and remediation processes to ensure risks are identified, prioritized, and resolved proactively.
- Ensure application onboarding integrates security requirements from the start and that enforcement is automated through DevSecOps pipelines (e.g., scanning, SBOM, policy enforcement).
- Enforce least-privilege access, workload isolation, and auditability across all platform users, systems, and data.
- Serve as the primary authority and interface for cybersecurity with government stakeholders, Authorizing Officials, and external auditors.
- Drive standardization of security practices across teams, ensuring predictable, repeatable paths to production without rework or ambiguity.
- Integrate cybersecurity into platform engineering, DevSecOps, and operational workflows to enable secure continuous delivery at scale.
Expected Outcomes
- Security is a built-in, continuously enforced capability of the platform, not a variable introduced by individual teams or deployments.
- The platform maintains sustained ATOs across environments, with changes introduced without degrading the authorized boundary or requiring rework.
- Application teams experience predictable, frictionless paths to production, with clear and stable security requirements that do not change midstream.
- Vulnerabilities are identified early and resolved proactively, minimizing operational risk, audit findings, and mission impact.
- All platform changes are controlled, assessed, and introduced without unintended security consequences, preserving system stability and trust.
- Access, data, and workloads are securely isolated and auditable, reducing risk exposure and ensuring accountability across users and teams.
- The software supply chain is transparent and continuously monitored, with full visibility into dependencies and associated risks.
- Cybersecurity enables speed, not delay, allowing rapid, secure delivery of mission capabilities without sacrificing assurance.
- The cybersecurity team operates as a high-performing, unified function, delivering consistent outcomes across all environments and programs.
Qualifications
- Active Top Secret clearance.
- Bachelor’s degree in a relevant field of study from an accredited institution.
- 10 years of relevant hands-on experience.
- Demonstrated experience leading a cybersecurity program or function, including directing ISSE/ISSO personnel and managing security strategy across multiple environments or classifications.
- Proven ability to own and maintain a system’s cybersecurity posture, ensuring alignment with ATO requirements and governing security frameworks across IL4 through classified environments.
- Hands-on background establishing and enforcing consistent security baselines, conducting security impact assessments, and governing changes through structured configuration-management processes.
- Deep experience overseeing continuous monitoring, vulnerability management, remediation workflows, and automated enforcement of security requirements within DevSecOps pipelines.
- Strong track record interfacing with government cybersecurity stakeholders and auditors, communicating and defending security decisions, and ensuring predictable, secure paths to production.