Information System Security Manager; ISSM - Senior

Overview

Information System Security Manager (ISSM) – Falls Church, Virginia. Full-time. IMPORTANT NOTICE:
This position is contingent upon contract award.

ISSMs are responsible for overall security program management for assigned systems, including developing and maintaining System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs). They coordinate security assessments, manage authorization packages through eMASS, and serve as the primary liaison between system owners and Authorizing Officials. This role ensures compliance with NIST 800-53 controls and DoDI 8510.01 Risk Management Framework requirements.

• Manage 15-25 information systems requiring continuous authorization to operate.
• Develop and maintain System Security Plans documenting system boundaries, security controls, and implementations.
• Coordinate 5-10 security assessments annually including IATT, self-assessments, and continuous monitoring reviews.
• Prepare authorization packages for Authorizing Official review and ATO renewals.
• Maintain authorization packages within eMASS including all required documentation.
• Track and manage 100-200 open POA&Ms requiring remediation coordination and closure.
• Assess 1,200-2,000 NIST 800-53 controls across system portfolio.
• Generate monthly continuous monitoring reports to Authorizing Officials.
• Coordinate 3-5 annual Authorization to Operate renewals.

• Systems Managed: 15-25 systems per ISSM.
• Annual Assessments: 5-10 security assessments.
• SSPs Maintained: 15-25 with annual updates.
• POA&M Management: 100-200 open POA&Ms tracked.
• Control Assessments: 1,200-2,000 NIST 800-53 controls.
• Monthly Reporting: 20-30 continuous monitoring reports.
• ATO Renewals: 3-5 annual authorizations.

• Clearance:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education:
  
  Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience:
  
  10+ years information security experience with extensive RMF knowledge.
• Certifications:
  
  IAM-II Level required (CAP, CASP+ CE, CISM, CISSP or Associate, GSLC, CCISO, or HCISPP).
• Technical Knowledge:
  Expert knowledge of NIST 800-53, RMF process, DoDI 8510.01, eMASS system, classified network operations.

Advana is the Department of Defense Chief Digital and Artificial Intelligence Office's (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

• Position Status:
  This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

• U.S. Citizen required.
• Clearance varies by network:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

• 4 Weeks Paid Time Off.
• All Federal Holidays are paid vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.