Flexsteel Industries

Information Systems Security Manager

Flexsteel Industries: $100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of progressive cybersecurity experience, with 5+ years in an ISSM role supporting DOW programs
  • Bachelor of Science in Cybersecurity, Information Technology, or related field preferred
  • DoD 8570 IAM Level III certification (CISM, CISSP, GSLC) highly preferred
  • DoD 8570 IAT Level II certification (CompTIA Security+ CE) required
  • Significant experience using eMASS to manage RMF packages
  • Hands-on experience managing ACAS vulnerabilities and remediation
  • Thorough understanding of RMF and DISA STIGs

Responsibilities

  • Lead efforts for achieving and maintaining system ATO in the ECMA cARMY environment
  • Manage vulnerability remediation process, analyzing ACAS scan results for prioritization
  • Architect and validate cloud security controls, ensuring compliance with STIGs
  • Investigate and resolve security-related incidents as the lead
  • Advise leadership on security posture and risk management using RMF
  • Interface with government counterparts for security compliance
  • Oversee application and system security for DOW cloud-hosted programs
  • Track vulnerabilities through the Plan of Action & Milestones (POA&M)
  • Provide security posture reports and briefings to program leadership

Benefits

  • Engage in significant contributions toward securing cloud environments
  • Opportunity for professional development in a federal cybersecurity landscape
  • Collaborate closely with government entities and security professionals
  • Involvement in pioneering security initiatives within Army cloud ecosystems
Full Job Description
About the Opportunity

DMI, LLC. is seeking an experienced and proactive Information Systems Security Manager (ISSM) who will report directly to the Program Manager. The ISSM will be the primary security leader for the program while achieving a new Authority to Operate (ATO) and maintaining the security posture for an application migrating to the Enterprise Cloud Management Agency (ECMA) cARMY environment. The ISSM is responsible for navigating the unique challenges of securing systems in a DOW-approved cloud while ensuring compliance with all applicable DOW, DISA, and Army security policies. The primary focus will be on proactive risk management, continuous monitoring, and successfully managing the ATO lifecycle within the Army's cloud ecosystem.

Duties and Responsibilities:

  • Cloud ATO Lifecycle Management: Lead all efforts to achieve and maintain the system's ATO within the ECMA cARMY environment. Serve as the primary driver for the RMF package, developing, maintaining, and updating all required documentation within the Enterprise Mission Assurance Support Service (eMASS).
  • Vulnerability Management & ACAS Remediation: Directly manage the vulnerability remediation process. This includes analyzing scan results from the Assured Compliance Assessment Solution (ACAS), prioritizing vulnerabilities, and coordinating with system administrators and developers for timely remediation within the cloud environment.
  • Cloud Security Controls & Compliance: Architect and validate the implementation of security controls, interpreting and applying them specifically to a cloud environment. Leverage control inheritance from the cARMY platform and ensure compliance with relevant Security Technical Implementation Guides (STIGs).
  • Incident Response: Serve as the lead for investigating and resolving security-related incidents and anomalies.
  • Risk Management Framework (RMF): Apply a deep understanding of the RMF to advise leadership on security posture, risk acceptance, and strategic planning for the system's successful operation in cARMY.
  • Collaboration & Support: Interface directly with government counterparts, including but not limited to the ECMA, the system's Information System Security Officer (ISSO), and Authorizing Official (AO) representatives.
  • Oversee all aspects of application and system security for a program hosted in a DOW cloud environment.
  • Manage the Plan of Action & Milestones (POA&M): Track vulnerabilities and ensure a clear path to remediation.
  • Ensure continuous compliance with all relevant DISA STIGs and Cloud Computing Security Requirements Guide (CCSRG) mandates.
  • Provide regular security posture reports and briefings to program leadership and Government customers.
  • Other security-related duties as assigned.
Qualifications

Education and Years of Experience:

  • 7+ years of progressive experience in cybersecurity, with at least 5 years in a direct ISSM or similar role supporting DOW programs.
  • A Bachelor of Science degree in Cybersecurity, Information Technology, or a related field is highly desirable.

Required Skills/Certifications:

  • DoD 8570 IAM Level III certification (e.g., CISM, CISSP, or GSLC) is highly preferred.
  • DoD 8570 IAT Level II certification is mandatory (CompTIA Security+ CE).
  • Demonstrable experience successfully guiding a system through the ATO process is strongly preferred.
  • eMASS Proficiency: Significant experience working within eMASS to manage the RMF package for a DOW IT system.
  • Demonstrated expertise with ACAS: Proven hands-on experience managing vulnerabilities identified by ACAS and driving the remediation process.
  • Deep Understanding of RMF and STIGs: A thorough understanding of the DOW Risk Management Framework and the ability to effectively apply and validate DISA STIGs.

Citizenship and Clearance:

  • Citizenship Status: Must be a United States Citizen.
  • Security Clearance: Must possess an active SECRET security clearance.

Physical Requirements: None required for this position.

Location: Must reside within a one-hour driving time of Fort Knox, Kentucky.

About Flexsteel Industries

Flexsteel Industries, Inc. is a leading designer, manufacturer, importer, and marketer of quality upholstered and wood furniture for residential, recreational vehicle, office, hospitality, and healthcare markets. The company's products are sold through a network of retailers, designers, and online channels across the United States and Canada. Flexsteel Industries was founded in 1893 and is headquartered in Dubuque, Iowa.

  • Size: 665 employees
  • Market Cap: $81 million
  • Industry
  • Net Income: -$18.6 million
  • Founded: 1893
  • 5 Year Trend: +3%
  • Revenue: $387.9 million
  • NASDAQ
