Information System Security Manager (ISSM) - Clearance Required

LMI is seeking a Senior Information System Security Manager (ISSM) to provide cybersecurity leadership and authorization oversight for the U.S. Army Center for Initial Military Training's (CIMT) Holistic Health & Fitness Management System (H2FMS).This position requires an active Secret clearance; Top Secret clearance preferred.

H2FMS is a secure analytics and data environment operating in Army GovCloud that integrates the vendor-provided H2F data capture application with cloud hosting, data pipelines, analytics, and a custom user interface supporting Soldier and unit readiness across all five H2F domains.

The Senior ISSM serves as the lead cybersecurity authority for the program, responsible for ensuring compliance with RMF, maintaining continuous ATO (cATO) requirements, implementing Zero Trust principles, overseeing cybersecurity operations, and serving as the primary cybersecurity interface with Army AO/AODR, ISSO staff, Cloud Architects, DevSecOps Engineers, and the Technical PM.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Lead all cybersecurity activities for H2FMS in accordance with DoW, Army, and RMF requirements in coordination with the customer's cyber leadership.
• Manage all phases of the ATO lifecycle, including initiation, assessment, authorization, and ongoing continuous monitoring.
• Maintain compliance with continuous ATO (cATO) conditions and ensure all security controls are implemented, tested, and documented.
• Serve as the senior cybersecurity advisor to the Technical PM, Cloud Architect, DevSecOps team, AO/AODR, and Army cybersecurity stakeholders.
• Provide authoritative cyber guidance for cloud architectures, identity and access management, network configuration, logging, monitoring, encryption, and Zero Trust compliance.
• Oversee security architecture integration for the vendor-provided H2F data capture application into Army GovCloud.
• Ensure secure implementation of:

• Boundary protection
• API security
• Secrets management
• Vulnerability identification and remediation
• Automated security controls in CI/CD pipelines

• Oversee vulnerability scanning, STIG compliance, patching, audit readiness, incident response, and threat monitoring.
• Review security logs, SIEM alerts, and behavioral indicators for anomalies or suspected compromise.
• Ensure continuous monitoring artifacts are accurate, complete, and delivered on schedule.
• Lead development and maintenance of all RMF artifacts including:

• System Security Plan (SSP)
• Security Assessment Reports (SAR)
• POA&Ms
• Contingency Plans
• Incident Response Plans
• Configuration management documentation
• Ensure all documentation remains audit-ready and compliant with Army and DoD requirements.
• Identify, prioritize, and manage cybersecurity risks across the H2FMS environment.
• Provide cybersecurity inputs to program reviews, sprint planning, risk boards, and technical design discussions.

• Collaborate with:
• Cloud Architects
• DevSecOps Engineers
• Data Engineers
• AI/ML Engineers
• UI/UX developers
• Human Performance SMEs
• Ensure cybersecurity controls and monitoring are built into all components of H2FMS.
• Serve as the primary cybersecurity liaison to:
• AO/AODR
• ISSO teams
• Army Cybersecurity offices
• Enterprise cloud service providers
• Provide clear communication and status updates to Army leadership.
• Support periodic audits, inspections, penetration tests, and compliance reviews.
• Mentor junior cybersecurity personnel and guide day-to-day ISSO activities.
• Support training and awareness for developers, engineers, and SMEs on secure practices.
• Establish cybersecurity best practices and standard operating procedures.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related discipline.
• 10+ years of cybersecurity experience, including at least 5 years supporting DoW systems.
• Demonstrated expertise in RMF, ATO processes, and continuous monitoring.
• Strong understanding of DoW cloud environments, preferably AWS GovCloud, Azure IL4/IL5, or cARMY.
• Hands-on experience in:
• Security architecture
• Vulnerability management
• Logging and monitoring
• STIGs and DISA controls
• Zero Trust principles
• Ability to interface with AO/AODR and senior Army cybersecurity stakeholders.
• Must hold an active DoW Secret clearance (Top Secret preferred).
• Must hold a DOW 8140 certification for ISSO elevated privileges (e.g., CISSP, CASP+).
• Location: Remote.
• Travel: Ability to travel to Fort Eustis, VA or LMI HQ in Tysons, VA 1-2 times per quarter for planning and collaboration.

Desired Qualifications

• Experience supporting CIMT, TRADOC, H2F, or similar Army programs.
• Experience securing analytics platforms, AI/ML systems, or data integration pipelines.
• Experience with DevSecOps environments and automation of security workflows.
• Certifications such as CCSP, CISM, CEH, AWS/Azure Security certifications, or equivalent.
• Experience with cloud-native security tools (GuardDuty, Security Hub, Sentinel, Defender, Prisma, etc.).

Target salary range: $109,242 - $180,000

Disclaimer:

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.