Senior Information System Security Manager (ISSM)

FAIRFAX, VA, US • Posted 15 hours ago • Updated 3 hours ago
Full Time
On-site

Job Details

Skills

  • Amazon Web Services
  • Microsoft Azure
  • WAR
  • COTS
  • Investments
  • Bridging
  • Risk Management
  • Network
  • Information System Security
  • Security Controls
  • Continuous Monitoring
  • FISMA
  • NIST SP 800 Series
  • System Security
  • SSP
  • Auditing
  • Computer Hardware
  • Firmware
  • Mentorship
  • C
  • Training
  • CISA
  • Business Development
  • Microsoft BIDS
  • Continuous Improvement
  • Innovation
  • Science
  • Mathematics
  • Information Assurance
  • IT Security
  • ISSM
  • CISSP
  • CISM
  • NIST 800-53
  • Privacy
  • Information Systems
  • CNSS
  • NISP
  • Industrial Security
  • Counterintelligence
  • Authorization
  • Risk Management Framework
  • RMF
  • Network Design
  • Cloud Security
  • FedRAMP
  • Data Security
  • Encryption
  • Threat Modeling
  • Vulnerability Management
  • Leadership
  • Incident Management
  • Security Policy
  • Standard Operating Procedure
  • Regulatory Compliance
  • eMASS
  • XACTA
  • Nessus
  • SCAP
  • STIG
  • Penetration Testing
  • White Hat
  • Certified Ethical Hacker
  • Information Technology
  • Microsoft Windows
  • Linux
  • Software Design
  • Computer Networking
  • Virtualization
  • Virtual Team
  • Accountability
  • Budget
  • Security Architecture
  • Cloud Computing
  • Conflict Resolution
  • Problem Solving
  • Decision-making
  • Communication
  • Management
  • Security Clearance
  • Computer Science
  • Cyber Security
  • IT Management
  • Artificial Intelligence
  • Machine Learning (ML)
  • Atlassian
  • JIRA
  • Confluence
  • Program Management
  • Collaboration
  • SAP BASIS
  • Law
  • FOCUS

Summary

Job Description

ECS is seeking a Senior Information System Security Manager (ISSM) to work in our Fairfax, VA office.

ECS is seeking a seasoned Senior Information System Security Manager (ISSM) to support cybersecurity for an IL5/IL6 hybrid enterprise environment spanning cloud (AWS GovCloud, Azure Government) and on-premise systems within the Department of War (DoW). This role operates in a hybrid onsite/remote capacity. The ISSM is the high-level authority responsible for managing the Cybersecurity Program, ensuring compliance, managing risk, and maintaining information systems' security posture.

This role demands a talented, motivated security professional capable of navigating the complex Risk Management Framework (RMF) and operational deployment landscape across both Government and Commercial Off-The-Shelf (GOTS/COTS) environments. The ISSM assesses the security posture of existing government investments and commercial solutions to ensure they meet stringent National Institute of Standards & Technology (NIST) and DoW compliance standards. The ISSM leverages vast expertise to architect hybrid approaches that optimize system capabilities while maintaining robust cybersecurity defenses, rigorous Continuous Monitoring, and overall operational effectiveness. The ISSM oversees Information System Security Officers (ISSO), manages authorizations, and bridges the gap between technical teams and senior leadership.

This role represents the intersection between cybersecurity engineering, RMF compliance, strategic risk management, and innovative solutioning for network, hardware, software, and cybersecurity challenges - all within an organization that values operational security and contributes to national security.

Key Responsibilities:

The ISSM serves as the primary advisor to leadership on all information system security matters, operating at a strategic organizational level to protect data assets.

Core Strategic & Governance Responsibilities
  • Lead the creation and enforcement of enterprise-wide security policies, standards, and procedures to ensure compliance with federal and organizational mandates.
  • Oversee full execution of the RMF process, including system categorization, security control selection, and continuous monitoring.
  • Ensure systems adhere to regulations such as FISMA, NIST SP 800-series, and CMMC.
  • Acquire and manage necessary resources, including budgets and specialized security personnel, to meet organizational security goals.

Operational & Technical Oversight
  • Coordinate the preparation and maintenance of System Security Plans (SSP) and assessment packages to secure and maintain formal system authorizations to operate (ATO).
  • Spearhead vulnerability assessments and audits, prioritizing remediation activities and interpreting technical threats for executive leadership.
  • Lead high-level incident response efforts during security breaches, ensuring proper forensic investigations and post-event analysis.
  • Oversee security-relevant configuration changes to hardware, software, and firmware, assessing their impact on systems' operational security posture.

Leadership & Collaboration
  • Manage and mentor ISSOs and other cybersecurity professionals.
  • Translate complex technical security challenges into business risk language for senior leadership and the C-suite.
  • Institute organization-wide training programs to foster a security-conscious culture among all personnel.
  • Act as the primary point of contact for external auditors, government customers, and regulatory bodies (e.g., DCSA or CISA).

Business & Mission Support
  • Support business development activities by enabling secure system authorizations (ATO) and ensuring compliance with CMMC and DFARS requirements.
  • Facilitate growth by securing ATOs for new contracts, implementing CMMC/DFARS standards to win government bids, and fostering secure, scalable innovation.
  • Work with cross-functional Corporate teams to align initiatives with ECS goals and objectives.
  • Identify opportunities for continuous improvement and innovation.
  • Other duties, as assigned.


Required Skills

  • U.S. Citizen.
  • Active DoW Top Secret security clearance; TS/SCI security clearance preferred (and ultimately required).
  • Ability to work in a hybrid, remote/onsite capacity in Fairfax, VA (~3 days in office).
  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems Management, or similar Science, Technology, Engineering and Mathematics (STEM) discipline; Master's degree preferred.
  • 16+ years in cybersecurity, information assurance, or IT security, with 8+ years in a senior leadership, ISSM, or Security Architect role.
  • Active DoW 8140/8570 IAT or IAM Level III certification (CISSP preferred; CISM, CASP+, or equivalent also acceptable).
  • Extensive knowledge and hands-on proficiency with the following 5 cybersecurity frameworks, standards, and/or governing bodies:
    • NIST Special Publication 800-53, Revision 5 (Security and Privacy Controls for Federal Information Systems and Organizations)
    • NIST Risk Management Framework SP 800-37 (Guide for Applying the Risk Management Framework)
    • CNSS (Committee on National Security Systems Instructions), specifically CNSSI No. 1253 (often paired with NIST standards)
    • NISPOM (National Industrial Security Program Operating Manual)
    • DCSA DAAPM (Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual)
  • Extensive experience with:
    • Full RMF lifecycle (A&A, ATO)
    • Network architecture, cloud security (FedRAMP), data protection, encryption, and Cross Domain Solutions
    • Threat modeling and analysis, vulnerability management, and leadership on incident response investigation/remediation efforts
    • Offensive and defensive security techniques
    • Security policy creation and enforcement, standard operating procedures (SOPs), and security plans
    • Compliance Tools, including eMASS, XACTA, ACAS/Tenable Nessus, SCAP, and STIGs/SRGs
    • Penetration Testing and/or Certified Ethical Hacking (CEH)
  • Demonstrated knowledge and expertise with:
    • DoW Information Technology and Cybersecurity best practices
    • Windows Domain and Linux systems architectures
    • Architecture, software design, networking, virtualization, and cloud-based technologies / infrastructure
    • Distributed team management, including overseeing ISSOs, and guiding/directing subcontractors
  • Prior accountability for:
    • Liaising with Authorizing Officials (AO), Program Managers, and C-suite executives
    • Managing security budgets, vendor risk, and long-term security architecture planning
    • Discovering and implementing evolving technologies, including AI/cloud integration
    • Rendering high-risk security decisions
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).


Desired Skills

  • Active DoW TS/SCI or higher security clearance.
  • Master's degree in Computer Science, Cybersecurity, Information Systems Management, or similar STEM discipline.
  • Expertise with artificial intelligence and machine learning (AI/ML) systems.
  • Hands-on experience with Atlassian's Jira and Confluence.
  • Prior DoW program management and/or close collaboration with DoW organizations and performers.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
  • Dice Id: 10112MAN
  • Position Id: 3487