Information System Security Manager

Full Job Description

As an ISSM, you will oversee a portfolio of FBI IT systems, provide strategic security oversight and ensure compliance with federal cybersecurity policies and risk management frameworks.

You will lead a team of contractor personnel, guide system owners through the SAA lifecycle, and ensure that security controls are properly implemented, assessed, and documented.

This role is critical to safeguarding FBI mission systems and maintaining the integrity of enterprise cybersecurity operations.

GS-13: Applicant must possess at least one (1) year of SE equivalent to the GS-12 grade level.

SE is defined as follows: Hands-on experience supporting cybersecurity compliance and RMF authorization activities for information systems.

Supporting implementation of the NIST Risk Management Framework (RMF) for federal information systems, including documentation, control implementation, and authorization support.

Knowledge of, and experience working with, the Risk Management Framework (RMF) process, either as an ISSO, ISSE, ISSR or another role.

Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A. Ability to coordinate, prioritize and monitor work, including across multiple projects.

Experience in providing recommendations to senior ISSM's, ISSO's, and ISSM Team on security and engineering projects and initiatives.

GS-14: Applicant must possess at least one (1) year of SE equivalent to the GS-13 grade level.

In addition to the above, SE is defined as follows: Advanced experience leading cybersecurity risk management and authorization activities for federal information systems, lifecycle, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.

Leading Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain system authorization.

Knowledgeable of the Risk Management Framework NIST Special Publication 800-53 Rev5, FISMA, and its implementation through NIST, CNSS, IC and other government standards Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A.

Ability to coordinate, prioritize, and monitor work across multiple projects; in addition to providing guidance and recommendations on security and engineering projects and initiatives to leadership.

Desired Skills Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are: Excellent customer service mindset and reputation.

Experience communicating in writing and orally.

Preferred certification in one or more cybersecurity disciplines (e.g., CISSP, CISM, CCSP, NCSF, etc.) Preferred prior architecture / systems engineering experience.

Preferred prior network, cloud system, and application development experience. Major Duties:

GS-13: Assist System Owners, Program Managers, and ISSOs with Security Assessment and Authorization (A&A) activities and RMF documentation requirements.

Apply federal cybersecurity standards and guidance, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, and FISMA requirements.

Conduct security control assessments, compliance monitoring, and vulnerability tracking in support of system authorization and continuous monitoring programs.

Support risk remediation activities, including tracking and resolving security findings through Plan of Action and Milestones (POA&M).

Coordinate with system stakeholders on configuration management, change management activities, and Configuration Control Board (CCB) participation.

Provide cybersecurity recommendations and guidance to ISSMs, ISSOs, and system stakeholders regarding compliance requirements, security controls, and risk mitigation actions.

GS-14 (In addition to the above): Serve as a senior cybersecurity advisor to leadership, providing recommendations regarding system authorization decisions, risk posture, and security control implementation.

Lead Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain Authority to Operate (ATO).

Apply and interpret federal cybersecurity standards and policies, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, FISMA, CNSS, and Intelligence Community security guidance.

Manage continuous monitoring programs, including vulnerability management, configuration baseline compliance, and remediation tracking through Plan of Action and Milestones (POA&M).

Coordinate cybersecurity activities across multiple systems or projects simultaneously, ensuring compliance with security policies and operational priorities.

Provide strategic cybersecurity guidance and technical recommendations to senior leaders and stakeholders regarding security engineering initiatives, risk mitigation strategies, and system authorization status.