Information System Security Manager, NF4

Full Job Description

Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team!

MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community.

We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.

Bachelor's Degree in Information Technology or Business related field appropriate to the work of position AND four years of experience performing specific tasks within hands-on security assessment, quality assurance, PCI DSS experience, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.

Certification at the DoW 8140.01 Advanced level (i.e.

Certified Information Systems Security Professional (CISSP) or other Advanced certification) is required or equivalent level education and appropriate experience with DoW system security and cybersecurity / information assurance (IA) policy and procedures.

As an authorized and privileged user of Department of War Information Systems, must fulfill the requirement to complete Cybersecurity Awareness training as a condition of access within six months of employment, and must be completed annually thereafter.

Expertise in: -Enterprise vulnerability and risk management across cloud and containerized environments, including assessment oversight, remediation validation, and executive-level reporting.

-Security control validation and compliance governance aligned with DISA STIGs, RMF, DoD Cloud SRG, FedRAMP, and NIST frameworks for IaaS, PaaS, and SaaS systems.

Proficient in / Experience with: -RMF and cybersecurity authorization activities for cloud-hosted, virtualized, and traditional systems, including policy development, documentation, and coordination with DoD and FedRAMP-authorized services.

-Cybersecurity program leadership spanning vulnerability assessment, incident response, compliance reporting, and project management within USMC/USN enterprise environments.

Broad Knowledge of: -Enterprise security architecture and operations, including coding, networking, system administration (Windows/Linux), container security, patch/configuration management, and incident response across on-prem and cloud native environments.

-DoD / DON / USMC and industry cybersecurity frameworks, including DoDI 8500.01/8510.01, NIST SP 800-series, DevSecOps security guidance, container hardening PCI DSS, and RMF/authorization support tools.

Major Duties:

Serves as the Information Systems Security Manager (ISSM) for the MCCS Cloud Enclave (MCE) and Operation StormBreaker, the USMC Software Factory supporting Department of War (DoW) and federal customers.

Acts as the appointed ISSM for the Rapid Assess and Incorporate Software Engineering (RAISE) Platform of Choice (RPOC) environment and associated enterprise cloud systems.

Provides authoritative cybersecurity leadership to enable secure, agile, and continuous delivery of applications and services in support of the warfighter, while ensuring compliance with the Risk Management Framework (RMF) and applicable DoW, USMC, and federal cybersecurity policies.

Leads security governance, assessment, authorization, and continuous monitoring activities for current and future systems, platforms, applications, and supporting infrastructure.

Assesses cybersecurity requirements into Agile and DevSecOps pipelines, ensuring security is embedded throughout the system and software development lifecycle without degrading operational tempo.

Directs and manages compliance with FISMA, PCI DSS, NIST SP 800-series publications, FIPS standards, DoD 8570/8140, NAFi, and USMC cybersecurity directives.

Oversees assessment and authorization (A&A) activities, including development and maintenance of System Security Plans (SSPs), risk assessments, security control documentation, and continuous monitoring artifacts for cloud-hosted, containerized, networked, and stand-alone systems.

Provides enterprise cybersecurity oversight for MCE systems worldwide, including retail point-of-sale platforms, e-commerce applications, supporting business systems, and associated infrastructure.

Coordinates cybersecurity audits, vulnerability assessments, and risk mitigation activities.

Ensures accurate and timely compliance reporting to PCI Security Standards Council-approved entities, including Reports on Compliance (ROC), Approved Scanning Vendor (ASV) reports, and Reports of Validation (ROV), as applicable.

Acts as the principal security compliance authority and internal auditing function for RMF, FISMA, and PCI efforts.

Develops enterprise validation protocols, administers security and vulnerability scanning tools, tracks remediation activities, and ensures sustained compliance across the system lifecycle.

Researches and resolves complex cybersecurity, risk, and compliance issues in collaboration with subject matter experts.

Ensures information ownership responsibilities are established and enforced for all systems, including access approvals, accountability, and special handling requirements.

Coordinates security testing, evaluation, verification, authorization, and periodic reviews in accordance with HQMC C4 policy and applicable classification guidance.

Reports directly to the Chief Technology Officer (CTO).

Collaborates with system owners, developers, project managers, service providers, HQMC C4/CY staff, and other USMC and DoW organizations to implement cybersecurity requirements effectively.

Develops and delivers cybersecurity, RMF, and compliance training to technical and non-technical personnel.

Maintains required professional certifications in accordance with DoW 8140.01 at the Advanced level. Provides senior-level briefings to leadership as required.

Delivers world-class customer service, adheres to safety and Equal Employment Opportunity (EEO) principles, and performs other related duties as assigned. Occasional travel may be required.