Information Security Systems Manager

Summary

Join Arlo Solutions as an RMF Information Security Systems Manager (ISSM) and Subject Matter Expert, supporting the DoD’s Chief Digital and Artificial Intelligence Office (CDAO). This role requires expertise in implementing and managing cybersecurity controls, developing security policies, conducting risk assessments, and managing security incidents. You will collaborate with various stakeholders, ensuring compliance with relevant security standards and frameworks. The position demands a strong background in information security, risk management, and compliance, along with excellent communication skills. Full-time remote work is available, with candidates in the Washington DC Metropolitan area preferred. A Top Secret clearance is required.

Requirements

• Should have a strong background in information security, risk management, and compliance
• Strong client focus and commitment to continuous improvement, ability to proactively network and establish relationships
• Manage multiple priorities in a high-paced and fast-changing environment
• Perform other duties as assigned or required
• Must have an active TS/SCI Clearance
• Bachelor’s degree in computer science/information technology, or other related degree fields (Master’s Degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
• Experience working with OSD leadership or Military component or branch
• Excellent communication/presentation skills briefing senior military and government civilian leadership
• Experienced with writing policies, guides, procedures
• Experience in hands on with eMASS, Xacta and/or other GRC tools
• Experience with Federal and FedRamp A&A Processes
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers

Responsibilities

• Expertly Implements and Manages Cybersecurity Controls: Implement and manage controls across all system lifecycle phases, ensuring alignment with DoD 8500.01 and NIST 800-53 requirements to maintain robust security posture, tailored risk mitigations, and full alignment with DoD cybersecurity directives and OVL processes
• Security Policy Development: Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices
• Risk Management: Conduct risk assessments and identify potential vulnerabilities and threats to information systems. Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents
• Security Planning and Implementation: Collaborate with system administrators, network administrators, and other stakeholders to plan and implement security measures for information systems. This includes establishing security controls and standards for information systems including Continuous Monitoring
• Incident Response and Management: Develop and implement incident response procedures to reconstitute system operations to address security incidents and breaches
• Assurance and Resiliency: Ensure compliance with relevant security standards, regulations, and frameworks. Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement
• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including security plans, risk assessments, and incident reports. Provide regular reports to management on the status of information security and any identified risks or vulnerabilities
• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoD program
• Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoD senior leadership
• Reporting of status and metrics for body of evidence and authorization conditions
• Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices
• Conduct risk assessments and identify potential vulnerabilities and threats to information systems
• Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents
• Collaborate with system administrators, network administrators, and other stakeholders to plan and implement security measures for information systems. This includes establishing security controls and standards for information systems including Continuous Monitoring
• Develop and implement incident response procedures to reconstitute system operations to address security incidents and breaches
• Ensure compliance with relevant security standards, regulations, and frameworks
• Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement
• Maintain accurate and up-to-date security documentation, including security plans, risk assessments, and incident reports
• Provide regular reports to the Government customer on the status of information security and any identified risks or vulnerabilities
• Provide support regarding the DoD’s agile authorization. Experience with Operation Vulcan Logic (OVL) processes a plus

Preferred Qualifications

• Have a strong background in information security, risk management, and compliance
• Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships
• Manage multiple priorities in a high-paced and fast-changing environment
• Perform other duties as assigned or required

Benefits

Full-Time REMOTE