Information System Security Manager Business Development

Responsibilities

• Serve as the company’s named ISSM and primary point of contact for system security with government agencies.
• Establish, maintain, and enforce the cybersecurity program in alignment with cybersecurity and risk management requirements such as CNSSI 1253, DODI 8500.01, CMMC, and export control requirements such as ITAR and EAR.
• Develop and maintain required documentation including System Security Plans (SSPs), POA&Ms, and other audit deliverables.
• Ensure information systems are categorized, accredited, and authorized per federal and DoD requirements.

• Work directly with IT staff to implement and validate technical controls across Windows, Linux, VMware, M365, AWS, and network infrastructure.
• Partner with Infrastructure and Service Desk to integrate compliance into patching, hardening, access control, monitoring, and backups.
• Support identity governance, onboarding/offboarding, and endpoint management (Intune, GPO, MFA policies).
• Deploy, configure, and manage security technologies (SIEM, vulnerability scanning, EDR, firewall logging).

• Conduct periodic self-inspections, risk assessments, and vulnerability analysis to drive continuous compliance.
• Map regulatory requirements into actionable IT tasks for audit readiness.
• Ensure secure handling, storage, and transmission of classified, Controlled Unclassified Information (CUI), and export regulated information.

• Lead incident response activities: detection, investigation, containment, reporting, and remediation.
• Oversee continuous monitoring of systems, ensuring logs and alerts are effectively triaged and acted upon.
• Collaborate with IT admins to remediate findings and strengthen defense posture.

• Report to the Director of IT, partnering with Infrastructure, Service Desk, the InfoSec Manager, Facility Security Officer, and Security/Compliance Engineers.
• Act as a bridge between compliance frameworks and practical IT implementations.
• Mentor IT staff on secure practices and compliance-minded administration.
• Provide executive leadership with risk briefings, compliance status, and program maturity reports.
• Help shape the roadmap for the eventual standalone security/compliance function within the organization.

Preferred Skills and Experience

• Strong communication skills to engage with IT teams, government inspectors, and executive leadership.
• Security certifications: CISSP, CISM, CAP, or CMMC-AB credentials.
• Demonstrated experience as an ISSM or ISSO at a cleared defense contractor.
• Familiarity with security tooling such as SIEMs, EDR platforms, vulnerability scanners, and PKI.
• Proven success representing organizations during DCSA or DoD audits.