ISSM - Information Systems Security Manager

Come make your mark with Watermark!

🎖️ FOUNDED BY USAF VETERANS in 2007, we are proud to be a Service-Disabled Veteran Owned Small Business.
🌎 SUBJECT MATTER EXPERTS specializing in security and risk management. We’re intimately familiar with DOD security programs and mission requirements.
⭐ OUR CORE VALUES drive every action we take as a company. We strive to exhibit PERSPECTIVE, PASSION, COMMUNICATION, INTEGRITY AND ETHICS, and BALANCE in all we do.
💲COMPETITIVE BENEFITS PACKAGE to address our employees’ physical, mental, emotional, and financial well-being. This includes 100% employer- paid medical insurance, ample paid leave, a free employee assistance program, and a competitive 401k savings plan.  At Watermark, our people come first! 

Information Systems Security Manager 

• Acquire and manage the necessary resources, including leadership support, financial resources and key security personnel to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• Advise senior management on risk levels and security posture. Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• Ensure that security improvement actions are evaluated, validated, and implemented as required.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Identify alternative information security strategies to address organizational security objective.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Oversee the information security training and awareness program.
• Participate in an information security risk assessment during the Security Assessment and Authorization process.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Advise the organization, stakeholders and teammates concerning the impact levels for confidentiality, integrity, and availability for the information systems.
• Evaluate threats and vulnerability to information systems to ascertain the need for additional safeguards.
• Author, Review and Approve information system security assessment plans, which is comprised of the SSP, the SCTM, and the security control assessment procedures.
• Ensure security assessments are completed for information systems.
• Develop and sustain Risk Management Framework Packages in EMASS, or Xacta or other mandated toolsets.
• Prepare the final Security Assessment Report (SAR) which includes assessment results and findings, at the conclusion of each security assessment activity.
• Initiate a POA&M with identified weakness and suspense dates for each information system based on findings and recommendations from the Sar.
• Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization.
• Provide purposeful security architecting, design, development, and configuration of information systems.
• Provide inputs to development teams responsible for designing and developing organizational information systems and upgrading legacy systems.
• Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.

• 7-9 years relevant experience with Bachelors in related field; 7 years relevant experience with Masters in related field; 4 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 13 years relevant experience.
• BAS in Cyber Security and 5 years of relevant cyber security experience
• Minimum of 8 years of relevant DoD cyber security work experience
• No less than three (5) years’ experience in a DoD environment within the least five (5) years

• IAM Level 3 Certification; CISSP Certification is highly desired.

• Current Top Secret/SCI (TS/SCI) clearance, current within five years, based upon a single scope background investigation (SSBI) or SSBI periodic review.

• Reports to a physical location which occasionally requires the ability to traverse between buildings
• Must be able to regularly lift up to 50 lbs 
• May require sedentary work at least 50% of the time
• Ability to manage stress with a high degree of maturity/professionalism
• Demonstrated critical thinking and leadership skills and the ability to work well with others
• Effective verbal and written communication skills

Watermark provides salary ranges with job postings in states where it is legally required; any other salary ranges associated with our postings are third party estimates and may not be an accurate reflection of Watermark’s total compensation package.  Multiple considerations are taken into account when determining the final salary/hourly rate, including but not limited to, Contract Wage Determination, education and certifications, relevant work experience, related skills and competencies, as well as Federal Government Contract Labor Categories.  Central to Watermark’s employment philosophy is the wellbeing of our employees which is why we offer a robust benefits package and wellness program alongside of annual base compensation.

Watermark Risk Management International, LLC is an equal opportunity and affirmative action employer and does not discriminate on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factors. 

Watermark Risk Management International, LLC is a federal contractor and is therefore subject to any federal vaccine mandates or other customer vaccination requirements.