Title:
Information Systems Security Manager (ISSM)
About the Role
KBR is seeking an experienced Information Systems Security Manager (ISSM) in Ann Arbor, MI to support Information Assurance (IA) Operations and lead cybersecurity compliance efforts for assigned systems and networks. This role is responsible for supporting Assessment & Authorization (A&A) activities, developing cybersecurity policies and procedures, and maintaining Authorization to Operate (ATO) compliance across classified environments.
Reporting directly to the Information Assurance Operations Manager, the ISSM will serve as the primary cybersecurity representative for the site, partnering with government and contractor stakeholders to implement and enforce security best practices while ensuring compliance with Risk Management Framework (RMF) requirements.
Key Responsibilities
- Serve as the onsite Information Systems Security Manager (ISSM) and primary representative for Information Assurance (IA) Operations.
- Lead Assessment & Authorization (A&A) activities and support the development and maintenance of Authorizations to Operate (ATOs) for assigned systems.
- Conduct risk and vulnerability assessments to identify security risks and recommend mitigation strategies.
- Develop, review, and maintain RMF documentation, including Security Plans, Risk Assessments, Implementation Plans, and POA&Ms.
- Assess systems against applicable security requirements, including NIST 800-53, NIST 800-171, DISA STIGs, and SRGs.
- Coordinate with system administrators, engineers, developers, and other stakeholders to implement security controls and maintain compliance.
- Develop and maintain system security artifacts, including authorization boundary diagrams, architecture diagrams, hardware/software inventories, and site procedures.
- Analyze vulnerability scan results and assist with remediation activities.
- Participate in cybersecurity strategy discussions, policy development, and process improvement initiatives.
- Lead and participate in meetings with government, contractor, and program stakeholders to provide status updates and address RMF-related issues.
- Prepare and deliver regular reports on system security and authorization status to leadership.
- Maintain awareness of evolving cybersecurity requirements and ensure compliance practices remain current.
Basic Qualifications
- Bachelor's degree and 10+ years of cybersecurity, information assurance, or IT experience; or 14+ years of equivalent experience in lieu of a degree.
- 5+ years of ISSM or ISSO experience supporting classified environments.
- Active DoD Top Secret clearance with SCI eligibility.
- Current DoD 8570-compliant certification.
- Strong experience with Risk Management Framework (RMF) and A&A processes.
- Experience developing RMF documentation, including Security Plans, Risk Assessments, and POA&Ms.
- Familiarity with NIST 800-53, NIST 800-171, DISA STIGs, and SRGs.
- Experience with cybersecurity tools such as eMASS, ACAS, SCAP Tool, or Xacta.
- Excellent communication, organization, and customer service skills.
Additional Compensation: KBR may offer bonuses, commissions, or other forms of compensation to certain job titles or levels, per internal policy or contractual designation. Additional compensation may be in the form of sign on bonus, relocation benefits, short term incentives, long term incentives, or discretionary payments for exceptional performance.
Benefits: KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.