(688) Senior ISSM SME

Position Description:

The role requires a senior professional who can operate successfully in a pioneering and fast-moving defense technology environment. The ISSM SME will be accountable for upholding security standards across the organization, safeguarding sensitive information critical to national security, and helping mature scalable cybersecurity operations across CDAO systems. In addition to providing RMF and ISSM expertise, this individual will support program execution by managing priorities, coordinating tasking, tracking deliverables, supporting onboarding and offboarding of team members, identifying operational risks, and helping ensure the team is aligned, organized, and meeting mission objectives. The role will require strong communication, accountability, stakeholder management, and the ability to keep daily operations running smoothly across a distributed and mission-focused team. The ISSM SME will support enterprise-wide cybersecurity governance by partnering with the Government ISSM to help define and mature the ISSM Program for the CDAO organization. Responsibilities will include managing authorization workflows, improving standardization, mentoring cybersecurity personnel, developing reusable cybersecurity artifacts, supporting process improvement, and enabling consistent, repeatable cybersecurity practices across the enterprise.

To be successful in this position the candidate must possess a firm understanding of statutory guidance such as statutory guidance including 570.01 (Information Assurance Workforce Improvement Program), DoDI 8500.01 (Cybersecurity), DoD Directive 8140.03 (Information Systems Security Manager DoD Cyber Exchange), and NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations).

Location: Arlington, VA / Hybrid (Situational telework)

Clearance: TS/SCI

Responsibilities and/or Success Factors:

• Serve as a primary contract point of contact for Government stakeholders, supporting communication, coordination, and issue resolution.
• Manage day-to-day program operations to ensure team activities, priorities, and deliverables remain aligned with Government objectives.
• Track tasks, milestones, action items, risks, dependencies, and deliverables across RMF and cybersecurity workstreams.
• Support onboarding and offboarding of team members, including coordination of access, orientation, knowledge transfer, and transition activities.
• Facilitate meetings, status updates, and working sessions with Government and contractor personnel.
• Develop and maintain program documentation, schedules, trackers, process guides, and recurring status materials. Enterprise eMASS Governance & Workflow Management
• Manage and oversee enterprise authorization activities within eMASS across supported systems and programs.
• Coordinate, track, and manage eMASS workflows, artifacts, approvals, inheritance relationships, and authorization requests.
• Support system onboarding, authorization sustainment, authorization extension, reciprocity, and Continuous Monitoring activities within eMASS.
• Validate authorization package completeness, workflow progression, and cybersecurity artifact quality. Organizational Cybersecurity Governance & Policy Development
  
  
• Assist in developing and maintaining enterprise cybersecurity governance documentation including:
  • Develop repeatable, scalable cybersecurity processes aligned to:
    • Support organizational maturity and process standardization initiatives. Organizational Control Inheritance Strategy (eMASS Organizational Controls)
    • Assist in defining, documenting, and operationalizing enterprise-level organizational controls for inheritance within eMASS.
    • Help establish standardized inherited control baselines to reduce redundancy and improve authorization scalability.
    • Identify common enterprise security services, policies, procedures, and safeguards eligible for inheritance.
• Coordinate with cybersecurity leadership to define:
  • Support implementation of enterprise authorization efficiencies through standardized control inheritance. ISSM Mentorship & Workforce Development
  • Mentor junior and mid-level ISSMs, ISSOs, and cybersecurity personnel supporting CDAO systems.
  • Provide coaching and guidance on:
  • Promote consistency, quality, and repeatability across enterprise cybersecurity efforts.
  • Assist in establishing standardized cybersecurity governance expectations and best practices. ISSM Education & Training Support
  • Support planning, coordination, and delivery of monthly ISSM education sessions.
• Develop training content and instructional material covering:
  • Facilitate knowledge sharing and enterprise cyber maturity improvement across supported ISSM personnel. Body of Evidence (BOE) Standardization & Template Development
  • Assist in creating and maintaining standardized CDAO cybersecurity templates and Body of Evidence (BOE) artifacts.
• Develop reusable, repeatable templates to improve authorization package consistency and quality, including:
  • Support cybersecurity artifact quality assurance and standardization across enterprise onboarding efforts. Continuous Monitoring (ConMon) & Cybersecurity Oversight
  • Support enterprise Continuous Monitoring (ConMon) governance activities.
    
    
• On Site Job Responsibilities and/or Success Factors Required Knowledge, Skills, & Experience
  • Demonstrated experience as an ISSM, ISSO, ISSE, cybersecurity engineer, or RMF practitioner supporting DoD systems.
  • Experience using eMASS for authorization package management and cybersecurity workflow execution.
  • Knowledge of:/ Experience drafting cybersecurity policies, SOPs, Dash-1s, implementation guidance, or operational procedures.
  • Ability to mentor cybersecurity staff and support enterprise cyber workforce development.
    
    

Minimum Qualifications Including Certificates:

• Must have an active TS/SCI Clearance
• Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
• Experience working with OSD leadership or Military component or branch.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers

Desired Certifications:

• CISSP
• CAP
• Security+ CE
• CASP+ / SecurityX
• CISM