Information Systems Security Manager (ISSM)

Information Systems Security Manager (ISSM) - (191957)

HDR is adding an experienced Information Systems Security Manager (ISSM) to lead and oversee the security posture of information systems supporting federal and sensitive programs. The ISSM serves as the authoritative security lead for system authorization, continuous monitoring, and compliance across classified and unclassified environments, ensuring alignment with NIST, RMF, CMMC, and federal cybersecurity requirements. This role partners closely with Corporate Security, IT, Legal, project teams, and external stakeholders to ensure HDR systems are designed, authorized, and operated securely throughout their lifecycle.

Governance & Risk Management

• Serve as the ISSM for assigned systems, overseeing compliance with NIST SP 800-53, RMF, and applicable federal security requirements
• Lead system authorization activities including SSP development, risk assessments, POA&M management, and ATO packages
• Ensure continuous monitoring programs are implemented and maintained

System Security Oversight

• Oversee security architecture, boundary definitions, and system interconnections
• Validate that security controls are properly implemented and operating as intended
• Coordinate vulnerability management, incident response, and remediation activities

Stakeholder & Program Support

• Serve as the primary security advisor to program leadership and system owners
• Interface with government customers, assessors, and authorizing officials
• Support audits, assessments, and external reviews (e.g., DCSA, customer audits)
• Contribute to the development and refinement of HDR information security policies and procedures
• Support workforce training and awareness related to system security responsibilities
• Mentor ISSOs and technical staff on RMF and compliance best practices

Preferred Qualifications

• Experience serving as an ISSM or Senior ISSO
• Strong working knowledge of NIST Risk Management Framework (RMF)
• Strong working knowledge of NIST SP 800-53 control families
• Experience with System Authorization (ATO) processes
• Experience with Continuous Monitoring and POA&M management
• Active or previously held U.S. security clearance (Secret or higher)
• Familiarity with CMMC Level 2, ITAR, and CUI requirements
• Professional certifications such as CISSP, CISM, CAP, GSLC

Required Qualifications

• Bachelor's degree in Computer Science/MIS-related area or equivalent work experience
• A minimum of 7 years of experience in planning and support of IT technology and/or security related systems
• A minimum of 2 years of leadership and management experience
• Experience and familiarity with cybersecurity related standards such as NIST 800-171; ISO27001/2
• Experience with cybersecurity system project design and implementation
• In-depth technical knowledge of security architectures, technologies, and best practices
• Ability to develop innovative approaches to problem solving
• Excellent client service and interpersonal skills
• Ability to communicate needs and new ideas with employees and management
• Ability to write technology evaluations and make recommendations to management
• Ability to work with vendors on service requests and other product issues
• Commitment to being an active participant in HDR employee-owned culture
• Experience in working with groups to establish priorities and manage expectations
• Self-starter, with the ability to handle multiple tasks and deadlines with minimal supervision
• Strong verbal and written communication skills
• Capable of performing tasks in a dynamic environment, many times working under tight delivery schedules

At HDR, we are committed to the principles of employment equity. We consider all qualified applicants, regardless of criminal histories, arrest, and conviction records.