Information System Security Manager (ISSM), Public Sector

Job Description

Scale is seeking an experienced security and compliance professional to support Assessment and Authorization and agency audit activities for Scale’s products offered in the US Government and global Public Sector space. The Information System Security Manager (ISSM) will join a creative and solutions-oriented team, collaborating with internal teams at Scale and externally with customers.

The role involves leading public sector security compliance projects and audits, collaborating with various teams to implement controls, working with 3PAOs and federal government AOs, ensuring security configurations, serving as a liaison between system owners and security personnel, developing and maintaining system security documentation, conducting vulnerability scans, managing risks, coordinating correction actions, leading Risk Management Assessment and Authorization processes, performing cloud system risk assessments, implementing Security Technical Implementation Guides, leading security compliance reviews, evaluating certification programs, and providing security awareness training.

Responsibilities:

• Lead public sector security compliance projects and audits.
• Collaborate with product, engineering, security, operations, people operations, and legal to implement new controls.
• Work with 3PAOs and federal government AOs to achieve compliance certifications and reports.
• Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures.
• Serve as a liaison between system owners and other security personnel.
• Develop, maintain, review, and update system security documentation.
• Conduct required vulnerability scans and develop Plan of Action and Milestones (POAMs).
• Manage risks by coordinating correction or mitigation actions and tracking the completion of POAMs.
• Coordinate system owner concurrence for correction or mitigation actions and monitor security controls.
• Upload security control evidence to the Governance, Risk, and Compliance (GRC) application.
• Lead Risk Management Assessment and Authorization (A&A) processes for deployments.
• Perform Cloud system risk assessments, enhance process workflows, and develop new processes.
• Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides and ensuring timely installation of all available patches.
• Create and maintain ATO packages.
• Lead security compliance reviews for new products, changes, and features.
• Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies.
• Develop and provide training to improve the security awareness and knowledge for all employees and contractors.

Requirements:

• Active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar).
• Experience implementing and maintaining frameworks and standards such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
• STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests.
• Experience in project management.
• An ability to translate between business and technical risk and communicate clearly to leadership.
• Excellent organizational and communications skills.
• Understanding of cybersecurity controls for cloud service providers.
• Knowledge of AWS and other government authorized cloud services.
• 5+ years of security compliance or technology audit related experience.

Scale offers:

• Comprehensive health, dental and vision coverage.
• Retirement benefits.
• A learning and development stipend.
• Generous PTO.
• Commuter stipend.