Senior Information System Security Manager (ISSM)

  • ECS
  • VA
  • Apr 01, 2026

Job Description

ECS is seeking a Senior Information System Security Manager (ISSM) to work in our Fairfax, VA office.

ECS is seeking a seasoned Senior Information System Security Manager (ISSM) to support cybersecurity for an IL5/IL6 hybrid enterprise environment spanning cloud (AWS GovCloud, Azure Government) and on-premises systems within the Department of War (DoW). This role operates in a hybrid onsite/remote capacity. The ISSM is the high-level authority responsible for managing the Cybersecurity Program, ensuring compliance, managing risk, and maintaining information systems' security posture.

This role demands a talented, motivated security professional capable of navigating the complex Risk Management Framework (RMF) and operational deployment landscape across both Government and Commercial Off-The-Shelf (GOTS/COTS) environments. The ISSM assesses the security posture of existing government investments and commercial solutions to ensure they meet stringent National Institute of Standards & Technology (NIST) and DoW compliance standards. The ISSM leverages vast expertise to architect hybrid approaches that optimize system capabilities while maintaining robust cybersecurity defenses, rigorous Continuous Monitoring, and overall operational effectiveness. The ISSM oversees Information System Security Officers (ISSO), manages authorizations, and bridges the gap between technical teams and senior leadership.

This role represents the intersection between cybersecurity engineering, RMF compliance, strategic risk management, and innovative solutioning for network, hardware, software, and cybersecurity challenges - all within an organization that values operational security and contributes to national security.



Key Responsibilities:

The ISSM serves as the primary advisor to leadership on all information system security matters, operating at a strategic organizational level to protect data assets.



Core Strategic & Governance Responsibilities
  • Lead the creation and enforcement of enterprise-wide security policies, standards, and procedures to ensure compliance with federal and organizational mandates.
  • Oversee full execution of the RMF process, including system categorization, security control selection, and continuous monitoring.
  • Ensure systems adhere to regulations such as FISMA, NIST SP 800-series, and CMMC.
  • Acquire and manage necessary resources, including budgets and specialized security personnel, to meet organizational security goals.

Operational & Technical Oversight
  • Coordinate the preparation and maintenance of System Security Plans (SSP) and assessment packages to secure and maintain formal system authorizations to operate (ATO).
  • Spearhead vulnerability assessments and audits, prioritizing remediation activities and interpreting technical threats for executive leadership.
  • Lead high-level incident response efforts during security breaches, ensuring proper forensic investigations and post-event analysis.
  • Oversee security-relevant configuration changes to hardware, software, and firmware, assessing their impact on systems' operational security posture.

Leadership & Collaboration
  • Manage and mentor ISSOs and other cybersecurity professionals.
  • Translate complex technical security challenges into business risk language for senior leadership and the C-suite.
  • Institute organization-wide training programs to foster a security-conscious culture among all personnel.
  • Act as the primary point of contact for external auditors, government customers, and regulatory bodies (e.g., DCSA or CISA).

Business & Mission Support
  • Support business development activities by enabling secure system authorizations (ATO) and ensuring compliance with CMMC and DFARS requirements.
  • Facilitate growth by securing ATOs for new contracts, implementing CMMC/DFARS standards to win government bids, and fostering secure, scalable innovation.
  • Work with cross-functional Corporate teams to align initiatives with ECS goals and objectives.
  • Identify opportunities for continuous improvement and innovation.
  • Other duties, as assigned.