Information System Security Manager (ISSM)

Information System Security Manager (ISSM)

Department: Department of the Navy

Location(s): Quantico, Virginia

Salary Range: $95000 - $115000 Per Year

Job Summary: Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.

Major Duties:

• This position serves an Information System Security Manager (ISSM) for the Information Technology Directorate (MRI), NAF Business and Support Services Division (MR), Manpower and Reserve Affairs Department, Headquarters Marine Corps. The incumbent will provide compliance guidance and tracking for Marine Corps NAFI activities at installations and assist with the improvement of compliance items to Marine Corps installations worldwide. - Performs risk management framework activity and authorization efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures. - Works closely with and receives reports from Program Manager(s), Cyber operational personnel, and system administrators. - Conducts self-assessments of authorization package assets, assess level of risk, IT policy compliance, and develops and/or recommends appropriate plan of actions and milestones (POA&M). - Serve as an advocate for all disciplines within the security program including the development and subsequent enforcement of the organization's security awareness programs, business continuity and disaster recovery plans, and all industry and governmental compliance issues. - Promotes IT security awareness to the user community by validating the user community is completing annual security training. - Oversees and maintains regulatory requirements and completes periodic reviews for security implications and security applications. - Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives.

Qualifications: Bachelors' Degree in Information Technology or Business related field appropriate to the work of position AND three years of experience performing specific tasks for Information System Security Manager (ISSM), security assessments, vulnerability management, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident response and handling methodologies, intrusion detection methodologies and techniques for detecting host and network-based intrusions, and organization's risk tolerance and/or risk management approach. Skill in applying security controls, analyzing traffic to identify network devices, conducting application vulnerability assessments, assessing security systems designs, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, preparing Test & Evaluation reports, and running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, compliance checks, and security configuration reviews. Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), conduct vulnerability scans and recognize vulnerabilities in security systems, and translate data and test results into evaluative conclusions. As an authorized and privileged user of Department of Defense Information Systems, must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8140.01) as a condition of access within six months of employment. This position has been determined as an Intermediate proficiency level ISSM. This position had been determined as Moderate Risk. As a condition of employment, the incumbent must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.

How to Apply: All applications must be submitted online via the MCCS Careers website: Resumes/applications emailed or mailed will not be considered for this vacancy announcement. To be considered for employment, the application or resume must be submitted online by 11:59 PM (ET) on the closing date of the announcement. Resumes with two or more pages or personal photos will not be considered for this vacancy. Note: To check the status of your application or return to a previous or incomplete application, log into your MCCS user account and review your application status.

Application Deadline: 2026-01-04