Information System Security Officer (ISSO)

Cumberland Additive Inc

$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or Information Systems preferred; equivalent education or experience considered.
  • Minimum 2 years of experience in cybersecurity or IT focusing on CMMC Level 2, NIST SP 800-171, or related compliance requirements, preferably in a regulated environment.
  • Understanding of CUI handling, access controls, MFA, endpoint protection, and vulnerability management.
  • Proven ability to develop and manage cybersecurity documentation including SSPs and POA&Ms.
  • Experience working collaboratively across various departments, including IT, Quality, and Operations.
  • Strong documentation skills with the ability to translate compliance requirements into actionable steps.
  • Experience in conducting internal audits and managing corrective actions effectively.

Responsibilities

  • Lead and manage the CMMC Level 2 compliance program and C3PAO assessment.
  • Develop and maintain cybersecurity policies, procedures, and documentation.
  • Organize internal reviews, identify corrective actions, and drive continuous improvement.
  • Collaborate with the MSP and IT resources to ensure effective technical security controls.
  • Safeguard Controlled Unclassified Information (CUI) and related data.
  • Integrate cybersecurity considerations into the quality management system.
  • Assist in preparing for external assessments and maintaining compliance.
  • Deliver cybersecurity training and awareness programs for all employees.
  • Monitor and recommend actions for regulatory and contractual cybersecurity obligations.

Benefits

  • Opportunity to lead and shape the cybersecurity compliance program within the organization.
  • Collaboration with various departments enhances cross-functional skills and networking opportunities.
  • Engagement with an MSP to stay ahead in technical security measures.
  • Professional development through training and compliance assessments.
  • Experience in a regulated manufacturing environment promotes career growth in cybersecurity.
Full Job Description
Position Summary

The Information System Security Officer (ISSO) is responsible for leading, maintaining, and continuously improving the organization's cybersecurity compliance program. The position serves as the primary coordinator for CMMC Level 2 activities and works across all departments to ensure cybersecurity remains integrated into normal business operations.

Responsibilities
  • Serve as the primary owner and coordinator of the CMMC Level 2 compliance program and C3PAO assessment
  • Maintain cybersecurity policies, procedures, documentation, and assessment
  • Coordinate internal reviews, corrective actions, and continuous improvement
  • Partner with the MSP and internal IT resources to ensure technical security controls remain effective and aligned with business needs.
  • Support the protection of Controlled Unclassified Information (CUI) and related information
  • Work with Quality to integrate cybersecurity into the quality management system.
  • Support external assessments and cybersecurity-related compliance
  • Provide cybersecurity awareness, guidance, and training across the
  • Monitor regulatory and contractual cybersecurity requirements and recommend


Key Deliverables
  • Current SSP with accurate system scope, boundary, asset inventory, data flows, control narratives, and
  • Current POA&M with ownership, due dates, risk notes, remediation status, and closure
  • CMMC Level 2 evidence library mapped to applicable practices and assessment
  • Recurring control review calendar and completed review
  • CUI handling procedure, CUI flow map, and department-specific work
  • Training matrix and completion records for cybersecurity awareness, CUI handling, and user
  • Internal audit results, corrective actions, and management review inputs related to
  • Supplier and external service provider records relevant to CUI handling and cybersecurity


Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or Information Systems preferred. Equivalent combinations of education, certifications, and relevant work experience may be considered.
  • Minimum 2 years of demonstrated cybersecurity or information technology experience supporting CMMC Level 2, NIST SP 800-171, DFARS 252.204-7012, or equivalent CUI cybersecurity compliance requirements; experience in an AS9100D or regulated manufacturing environment preferred.
  • Working knowledge of CUI handling, access control, MFA, endpoint protection, vulnerability management, incident response, configuration management, backup validation, logging, and account lifecycle management.
  • Ability to create and maintain SSPs, POA&Ms, policies, procedures, evidence libraries, audit records, and corrective action
  • Experience coordinating across IT, Quality, Engineering, Operations, HR, Purchasing, Contracts, and external service
  • Strong documentation discipline and ability to translate cybersecurity requirements into practical manufacturing
  • Ability to conduct internal reviews, identify gaps, assign corrective actions, and verify closure

Similar Jobs

More Jobs at Cumberland Additive Inc

More Information Technology Jobs

Find similar Information System Security Officer (ISSO) jobs: