SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 22037, Fairfax, VA
  3. Information Systems Security Manager

Information Systems Security Manager

ECS Tech Inc
Posted a day ago, valid for 20 days
Location

Fairfax, VA 22037, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • ECS is looking for an Information Systems Security Manager (ISSM) to join their team in Fairfax, VA, focusing on U.S. Navy systems and programs.
  • The ideal candidate should have at least 8 years of cybersecurity experience, with a minimum of 3 years as an ISSM or senior ISSO in a DoD/Navy environment.
  • The role requires a strong understanding of the Risk Management Framework (RMF) and familiarity with eMASS, along with compliance with various cybersecurity standards.
  • Candidates must hold an active Secret clearance (TS/SCI preferred) and have a Bachelor's degree in Cybersecurity, Information Technology, or a related field.
  • Salary details are not specified, but the role emphasizes the need for strong organizational and communication skills, as well as the ability to manage cybersecurity risks effectively.

ECS is seeking an Information Systems Security Manager to work in our Fairfax, VA office

 

ECS is seeking an experienced Information System Security Manager (ISSM) to support U.S. Navy systems and programs. The ISSM will serve as the primary cybersecurity authority for assigned systems, ensuring compliance with Department of Defense (DoD) and Department of the Navy (DON) cybersecurity policies under the Risk Management Framework (RMF).

The ideal candidate will have deep experience supporting Navy Authorizing Officials (AOs), working within Navy/DoD environments such as NAVWAR, NAVAIR, NAVSEA, or Fleet Cyber Command, and maintaining system authorization packages in eMASS.

 

The ISSM will lead the preparations and interactions with the government for system security assessments and ensure the IS maintains its Authority to Operate (ATO). The ISSM will manage the implementation of security policies, conduct risk assessments, manage security controls, and Plan of Actions and Milestones (POAM). The ISSM is expected to advise senior management on cybersecurity issues, communicate security risks, and collaborate with technical teams and other stakeholders. The successful candidate is able to multitask; assume ownership and accountability of risks, issues, and tasks; and successfully manage and resolve those risks, issues, and tasks to completion.  The successful candidate is also able to work well in a team-oriented environment; self-manage his/her own tasks; and provide hands-on guidance, direction, and mentoring to the technical team. Finally, the successful candidate is extremely well-organized, well written, has a keen eye for detail, and can clearly articulate information (both orally and in writing) to customers, stakeholders, peers, and leadership within and external to the Program and organization.

 

Key Responsibilities:

  • Serve as the ISSM for Navy information systems in accordance with DoDI 8510.01 (RMF) and DoDI 8500.01 (Cybersecurity)
  • Oversee the full RMF lifecycle: categorization, control selection, implementation, assessment, authorization, and continuous monitoring
  • Develop, maintain, and manage RMF documentation including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plan of Action & Milestones (POA&Ms)
    • Continuous Monitoring Strategies
  • Ensure compliance with:
    • NIST SP 800-53 Rev. 5 security controls
    • NIST SP 800-37 Rev. 2 (RMF Guide)
    • DoD Cybersecurity Manual (DoDM 5200.01)
    • SECNAV M-5239.1 (Department of the Navy Cybersecurity Manual)
  • Interface directly with Navy stakeholders including:
    • Authorizing Officials (AOs)
    • Security Control Assessors (SCAs)
    • Information System Owners (ISOs)
    • Program Managers (PMs)
  • Manage system accreditation activities within eMASS and ensure data accuracy and completeness
  • Conduct and support security control assessments, vulnerability management, and mitigation tracking
  • Ensure compliance with STIGs (Security Technical Implementation Guides) and SRGs (Security Requirements Guides) from DISA
  • Support audits, inspections, and cybersecurity readiness reviews (e.g., FISMA, DON CIO inspections)
  • Provide cybersecurity guidance to engineering teams throughout system development lifecycle (SDLC), aligning with DevSecOps practices where applicable
  • Oversee incident response coordination in alignment with DoDI 8530.01 (Cyber Incident Response) and Navy procedures
Qualifications
  • Active Secret clearance (TS/SCI preferred)
  • Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience)
  • 8+ years of cybersecurity experience, with 3+ years as an ISSM or senior ISSO in a DoD/Navy environment
  • Strong experience implementing RMF under DoDI 8510.01 (latest version)
  • Hands-on experience with eMASS
  • In-depth knowledge of:
    • NIST SP 800-53 Rev. 5 controls
    • NIST SP 800-37 Rev. 2
    • DoDI 8500.01 / 8510.01
    • SECNAV M-5239.1
  • Experience supporting Navy programs (e.g., NAVWAR, NAVAIR, NAVSEA, or USMC systems)
  • Familiarity with:
    • DISA STIGs and SCAP compliance tools
    • ACAS (Assured Compliance Assessment Solution)
    • HBSS / Endpoint Security Solutions
  • Strong understanding of system architectures (on-prem, cloud, hybrid)

 



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs