Information Systems Security Manager (ISSM)

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!

TDI is seeking an Information Systems Security Manager (ISSM) to provide expertise needed to align and help mature the organization and technology-specific risk management plans and processes, through the implementation of the Risk Management Framework (RMF). This position is hybrid with a commute to the DC area 3 times per week.

RESPONSIBILITIES:

- Ensure client security policies and standards are enforced to support assessment, authorization and continued operation of information systems
- Lead a five-person Information Systems Security Officer team
- Support the client Information Assurance (IA) leadership in maturing risk management processes tailored for their environment and security control requirements
- Research and recommend innovative, secure, and automated solutions to improve the risk management processes
- Participate in the technical security risk evaluation and assessment of new technologies and support security policy reviews
- Provide guidance to ISSOs on conducting technical reviews, risk analyses, mitigation and strategies to address assessment and vulnerability findings
- Manage the overall process for Plan of Action and Milestones (POA&M) and IT Risk Acceptance (ITRA) to ensure the required risk posture is maintained
- Provide quality assurance reviews of Assessment and Authorization (A&A) deliverables to ensure consistency and clarity for internal and external stakeholders
- Provide technical briefings to senior leadership as requested

QUALIFICATIONS:

- Bachelor’s degree in a related field, or equivalent relevant coursework, with 7–10 years of demonstrated experience in cybersecurity risk management
- 5+ years of demonstrated experience leading efforts for systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems
- Strong working knowledge of NIST publications, with demonstrated experience using GRC tools to execute Assessment & Authorization activities
- Active certification in one or more of the following information security disciplines: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)

PREFERRED QUALIFICATIONS:

- Demonstrated understanding of cloud service model tools is preferred