Information System Security Manager (Senior)

Astrion
United States, Ohio, Dayton
Mar 27, 2026
Overview

LOCATION: WPAFB, Dayton, OH

JOB STATUS: Full-Time
CLEARANCE: Secret

Must be a US Citizen

Astrion has an exciting opportunity for an Information System Security Manager who will serve as the primary cybersecurity technical advisor to the Authorization Official (AO), Program Manager (PM), and Information System Owner (ISO). The ISSM ensures cybersecurity is integrated throughout the IT/system lifecycle in accordance with DoDI 8510.01 (RMF), supporting continuous authorization and risk management activities for assigned AF IT. The senior ISSM performs complex tasks independently, provides subject matter guidance across the PMO/CDT, and oversees the work and development of ISSOs, privileged users, and junior/journeyman contractor personnel.

REQUIRED QUALIFICATIONS / SKILLS:

  • Master's or Doctorate in a related field and 10 years of experience in the technical/professional discipline, 5 years in the DoD; OR
  • Bachelor's in a related field and 12 years of experience, 5 years in the DoD; OR
  • 15 years of directly related experience with proper certifications as described in the PWS, 8 years in the DoD.

RESPONSIBILITIES:

    • Cybersecurity Governance & Advisory
      • Advise the AO, PM, and ISO on cybersecurity risks, posture, and controls; ensure integration of cybersecurity across the SDLC per DoDI 8510.01 and AFI 17-101.
    • Continuous Authorization & Monitoring
      • Coordinate development of an Information System Continuous Monitoring (ISCM) strategy; continuously monitor systems and environments for security-relevant events; assess proposed configuration changes for cybersecurity impact; and evaluate control implementation quality against performance indicators.
    • RMF / CSF / NIST Compliance
      • Assess and continuously monitor cybersecurity risk ensuring legacy and new capabilities adhere to Risk Management Framework (RMF), Cybersecurity Framework (CSF), and NIST guidance; align with the AO's ISCM direction.
    • Assessment & Authorization (A&A)
      • Develop, advise, and update system-level A&A documentation (e.g., System Security Plans, Security Assessment Plans/Reports), and Plans of Action & Milestones (POA&Ms) to obtain/maintain ATO/ATC within AF timelines; ensure conformance with DoDI 8510.01, AFI 17-101, DoD Cybersecurity KS, CNSSI 1253, AFI 17-130, and AO-specific requirements.
    • Control Families & Security Domains
      • Provide guidance across: Access Control, Configuration Management, System & Communications Protection, Contingency Planning, Incident Handling, System & Information Integrity, Security/Privacy Training & Awareness, and secure software development activities, including cybersecurity-relevant software/tools.
    • Incident & Change Management
      • Ensure cybersecurity-related events or configuration changes that affect authorization or degrade security posture are formally reported to the AO and other affected parties (IOs, stewards, interconnected AOs); drive corrective actions to closure.
    • Training & Workforce Readiness
      • Ensure ISSOs and privileged users receive required technical training and obtain/maintain certifications.
    • Lifecycle Compliance
      • Ensure AF IT is acquired, documented, operated, used, maintained, and disposed of properly IAW DoDI 5000.02 and DoDI 8510.01; coordinate with PM and AO staffs on any proposed/actual system/environmental changes.
    • Stakeholder Coordination & Reporting
      • Prepare and present cybersecurity status, risk, metrics, and artifacts to PMO leadership, AO staff, and enterprise stakeholders; contribute to acquisition documentation to satisfy ACAT statutory/regulatory requirements.
    • Software Assurance Support
      • Partner with engineering teams to embed secure-by-design practices and DevSecOps guardrails; assess code/config changes for security impact; support vulnerability management and remediation across pipelines and deployments.