ISSM (Information System Security Specialist III)
In this role, you'll contribute to PMW 160 Enterprise Support Services (ESS), working alongside cybersecurity, engineering, and operational stakeholders to ensure that mission-critical systems are securely designed, assessed, and authorized to operate in support of national defense.
About the role: As a technical, hands-on ISSM, you will serve as a key contributor to the program's cybersecurity and risk management posture, supporting all aspects of Information Assurance (IA) and Risk Management Framework (RMF) activities for complex Navy information systems. You will work closely with engineers, system owners, and government stakeholders to develop, document, and maintain security controls and accreditation artifacts; evaluate and recommend security solutions; and help maintain an effective security posture throughout the system lifecycle. On a day-to-day basis, you will perform security control assessments, support Assessment & Authorization (A&A) activities, leverage enterprise IA tools such as eMASS and ACAS, and help ensure compliance with DoD and Navy cybersecurity policies and processes. This role is ideal for a seasoned cybersecurity professional who enjoys combining technical, analytical, and documentation skills to protect critical mission systems.
Responsibilities:
- Support all aspects of program Information Assurance (IA) and cybersecurity processes, tailored to the system and mission, under Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) frameworks.
- Apply working knowledge of the Risk Management Framework (RMF) and, where applicable, legacy DIACAP processes to support security categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities.
- Assist with the preparation, review, and maintenance of security documentation and process artifacts (e.g., SSPs, POA&Ms, security control traceability, test results) required to obtain and maintain an Authority to Operate (ATO).
- Evaluate security solutions and technical implementations to ensure they meet security requirements for processing up to classified information in accordance with applicable DoW and Navy policies and guidance.
- Support, maintain, and in some cases supervise the operational security posture for assigned information systems or programs, including monitoring, vulnerability management, and remediation coordination.
- Utilize IA and cybersecurity tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS) to document, track, and report on security control implementation and system risk.
- Coordinate with system engineers, test and evaluation (T&E) teams, and Security Control Assessor (SCA) representatives to plan, execute, and document security testing and assessments.
- For more senior responsibilities, assist in the development and refinement of system security policies and ensure compliance with change management and configuration management processes.
- Plan and coordinate IT security program activities and policies in support of command leadership mission and goals, providing recommendations to improve the overall cybersecurity posture.
Required Skills and Experience:
- More than five (5) years (with degree or 7+ without) of practical experience in a Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A, formerly C&A) related field.
- Working knowledge of the Risk Management Framework (RMF) process and prior experience with DIACAP or similar legacy processes.
- Experience supporting C&A/A&A activities, including the development and maintenance of IA/security documentation (e.g., SSPs, POA&Ms, test plans, and assessment reports).
- Experience with Information Assurance tools such as DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS).
- Demonstrated ability to evaluate security solutions and technical implementations to ensure they meet security requirements for systems processing up to classified information.
- Experience supporting or performing security control assessment activities in coordination with SCAs, system owners, and engineering teams.
- Strong understanding of DoD and/or Navy cybersecurity policies, directives, and guidance, and how they are applied to real systems and programs.
- Ability to communicate effectively with technical and non-technical stakeholders, clearly articulating risks, findings, and recommended mitigations.
Preferred Skills and Experience:
- Experience serving as a Security Control Assessor (SCA) or holding a Full Security Control Assessor qualification.
- Experience supporting Navy or other DoW programs through full lifecycle RMF activities from initial accreditation through continuous monitoring.
- Hands-on experience with vulnerability management, patch management, and remediation tracking in operational environments.
- Experience supporting cybersecurity in conjunction with system engineering and T&E activities (e.g., test planning, execution, and reporting for security controls).
- Familiarity with secure architecture and design principles, including network segmentation, boundary protection, and defense-in-depth.
- Relevant cybersecurity certifications (e.g., Security+, CISSP, CAP, CISM, or similar).
Education and Certification Requirements:
- College degree in a technical or managerial related discipline.
- In lieu of a college degree, greater than seven (7) years of directly relevant experience in Cybersecurity, Engineering, T&E, or A&A (formerly C&A) is required.
- Industry-recognized cybersecurity certification (e.g., Security+ or higher) strongly preferred; specific certifications may be required to meet DoD 8570/8140 requirements depending on the role and environment.
Citizenship and Clearance requirements:
- US Citizenship required
- No dual citizenship
- Active Secret Clearance
- Active TS clearance preferred
Location/Address:
- San Diego, CA area strongly preferred
Travel & Passport:
- Under 20% travel, primarily CONUS, to support customer engagement, integration and test events, and team coordination.
- OCONUS travel and a valid passport may be required for specific events or mission needs, as directed by the customer.
Work Environment: PMAT offices as needed. In some cases, work in a government facility may be required. Travel may be required for customer engagement, team coordination, and potentially for business development.