Information Systems Security Manager (ISSM)
The primary responsibility of the Information Systems Security Manager (ISSM) is to establish, document and monitor the
Customer’s cyber security program implementation plan, and ensure compliance with published DoD policies and
regulations governing these programs. The ISSM must have a working knowledge of cyber security policies and technical
cyber security protection measures, including the Risk Management Framework (RMF), DISA Security Technical
Implementation Guides (STIGs), Enterprise Mission Assurance Support Service (EMASS), and other applicable systems
and regulations. The ISSM will lead the effort to make risk-based recommendations to authorizing officials for initial or
continued operation on the DoDIN.
Responsibilities of this position include:
Provide direct guidance on issues and tasks related to cybersecurity and the associated administration,
development, policy, plans, programs, and initiatives as the Information System Security Manager (ISSM).
Manage the Risk Management Framework (RMF) System Authorization process to ensure all customer systems
connected to the Army portion of the DoD Information Network (DoDIN) meet all established requirements.
Prepare the IA certification and accreditation documentation.
Assist with preparation of cybersecurity recommendations for the secure connection of systems and networks
operated by other organizations to systems operated under the approval of the Theater Authorizing Official.
Provide cybersecurity technical review and validation of all proposed IT projects.
Analyze requirements for cybersecurity services and related support within the area of operations.
Evaluate cost-benefit, economic, and risk analysis in the decision-making process.
Execute the risk management framework (RMF) as defined in the National Institutes of Science and Technology
(NIST), Department of Defense (DoD), and Army guidance.
Coach, mentor, and train personnel in RMF implementation, operation, and maintenance, including use of the
Enterprise Mission Assurance Support.
Review assigned IT capabilities for compliance with RMF and evaluate the security risk of operating assigned
systems on the DoD Information Network (DoDIN).
Make risk-based recommendations to authorizing officials for continued or initial operation on the DoDIN.
Provide enclave IA guidance for development of the COOP.
Advise the DAA of changes affecting the enclave’s IA posture.
8+ years of experience in Information Assurance and Security
10+ years of management experience
Ability to perform IAM Level III functions listed in Table C4.T7. of DoD 8570.01-M Information Assurance
Workforce Improvement Program
Excellent documentation skills including experience creating and maintaining network and system diagrams
Knowledge of information assurance procedures and implementation of technologies to address security controls
Knowledge of current methodologies including Continuous Monitoring / Continuous ATO, Assess-Only, ATO
management for DevSecOps environments
Demonstrated oral and written communication skills
Must have and maintain IA baseline certification based on IAM III identified in DoD 8570.01-M Information
Assurance Workforce Improvement Program (one of the following): Certified Information Systems
Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Security Leadership
Certificate (GSLC), or Certified Chief Information Security Officer (CCISO)
Must be a U.S. Citizen
Must have an active DoD Secret Clearance, and the ability to hold and maintain a Top Secret Clearance
Master’s degree in information security and/or assurance
Experience with Nessus Security Center / ACAS or other system security scanner
GSEC, GSNA, CEH or similar certification desirable
Linux/Unix knowledge strongly desired
Familiarity with Army Networks including DoDIN and DCO Mission network