Senior Information System Security Manager (ISSM)

Everforth ECS is seeking a Senior Information System Security Officer (ISSM) to work out of the customer site in Ft. Meade, MD.

 

Everforth ECS is seeking a seasoned Senior Information System Security Manager (ISSM) to support DISA-owned Impact Level (IL) IL6 programs in an operational DoW environment inside Microsoft’s Isolated Secret Region (MS-ISR) that houses multiple U.S. Coalition Mission Partner Environments (MPE). This role operates in a hybrid onsite/remote capacity. The ISSM serves as the senior cybersecurity authority responsible for managing the cybersecurity program, overseeing risk and compliance, and maintaining the security posture of information systems within the authorization boundary.

 

This position is a fast-paced, mission-focused role that requires sound cybersecurity judgment, attention to detail, and the ability to both lead and execute authorization, compliance, and continuous monitoring activities across multiple enclaves in a dynamic Azure DoW environment. The ideal candidate has extensive ISSM experience supporting classified DoW programs, expert knowledge of RMF and NIST 800-53 controls, and familiarity with cyber tools such as ACAS, Trellix, and SIEM platforms. As part of a focused cybersecurity team, this role requires someone who can provide senior level direction while also directly contributing to artifact review, risk documentation, control validation, POA&M management, and day-to-day ATO support – all within an organization that values operational security and contributes to national security. The Senior ISSM reports to the Senior Technical Program Manager.

 

Job Responsibilities:

 

The Senior ISSM serves as the senior cybersecurity lead for the program, advising leadership while directly supporting RMF, ATO maintenance, risk management, and continuous monitoring activities across the Azure environment.

• Serve as the senior cybersecurity lead for the program, advising leadership while directly supporting RMF, ATO maintenance, risk management, and continuous monitoring activities across the Azure environment.
• Lead:
  • Cybersecurity activities for a DoD Azure environment operating under a shared ATO boundary with multiple mission enclaves.
  • POA&M governance by reviewing open risks, validating remediation plans, tracking milestone progress, and ensuring closure evidence is complete and defensible.
• Oversee day-to-day execution of the cybersecurity program, including security authorization documentation, compliance tracking, vulnerability management, control validation, and risk reporting.
• Maintain overall accountability for the program’s RMF posture, including ATO sustainment, continuous monitoring, POA&M management, and security control implementation.
• Provide direction and support to the ISSO, Cyber Engineer, and Cyber Analyst while also contributing directly to artifact review, documentation updates, and risk management activities.
• Review and approve RMF and ATO artifacts, including control implementation details, assessment evidence, POA&Ms, risk documentation, system diagrams, inventories, and continuous monitoring deliverables.
• Ensure eMASS records remain accurate and current, including security controls, artifacts, assessment results, POA&Ms, milestones, and authorization package documentation.
• Review vulnerability, STIG, ACAS, Trellix, and Sentinel data to assess risk, prioritize remediation, and communicate security posture to program leadership and government stakeholders.
• Coordinate with engineers, system administrators, cloud teams, mission enclave stakeholders, and government cybersecurity personnel to resolve findings and maintain compliance.
• Assess cybersecurity impacts of planned architecture, configuration, infrastructure, cloud, and boundary changes within the Azure environment.
• Support:
  • Security control assessments, audit readiness, continuous monitoring reviews, and authorization package updates for classified systems.
  • Review of incident response activities, security events, and operational findings to ensure appropriate documentation, escalation, reporting, and follow-up.
• Prepare and present cybersecurity status, risk summaries, POA&M metrics, vulnerability trends, compliance gaps, and ATO readiness updates to program and government leadership.
• Serve as the primary cybersecurity point of contact for DISA government stakeholders, including DISA cyber teams, assessors, auditors, program leadership, and internal program teams supporting RMF, ATO, continuous monitoring, risk, and compliance activities.
• Ensure cybersecurity documentation remains aligned with the operational environment, including enclave-specific mission needs, shared services, inherited controls, and authorization boundary considerations.
• Drive continuous improvement of cybersecurity processes, documentation quality, artifact management, reporting, and coordination across the cyber team.
• Other duties, as assigned.