ISSO IT Security Services Manager

ISSO IT Security Services Manager

  

This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE office.

Job Description:

Hewlett Packard Enterprise (HPE) seeks an experienced Information System Security Officer (ISSO) to support classified systems in a mission-driven environment. The ISSO will be responsible for implementing, maintaining, and monitoring the security posture of accredited information systems, ensuring compliance with DoD/IC security policies and procedures, and supporting continuous authorization and risk management activities. This position requires an active TS/SCI clearance with polygraph and hands-on experience supporting the Risk Management Framework (RMF) process and the DoD Information Assurance Certification and Accreditation Process (DIACAP).

You will be required to be onsite as required by the contract/customer at the Annapolis Junction, MD facility.

Key Responsibilities:

• Serve as the designated ISSO and primary point of contact for assigned IC/DoD mission systems, owning system security posture, assignment of security technical implementation guides (STIGs), RMF/accreditation activities, and coordination with Government stakeholders (Authorizing Officials, Security Control Assessors, ISSMs, and external auditors).
• Manage configuration management processes to ensure integrity, traceability, and secure state of system baselines and authorized changes throughout the system lifecycle.
• Develop, maintain, and manage RMF accreditation documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), Plans of Action & Milestones (POA&Ms), and Interconnection Security Agreements (ISAs).
• Execute continuous monitoring activities—vulnerability scanning, patch/configuration management, baseline assurance, and log/telemetry analysis—and coordinate remediation to mitigate risk.
• Plan and coordinate security control assessments, compliance inspections, and audits; manage remediation tracking, risk acceptance, and engagement with Authorizing Officials to achieve and maintain Authority to Operate (ATO).
• Develop, implement, and exercise Incident Response Plans (IRPs); lead incident triage, containment, recovery, reporting, and root‑cause analysis in accordance with IC and DoD policy.
• Provide technical guidance on secure system design, hardening, boundary protections, data handling, and cryptographic/COMSEC considerations.
• Advise leadership and stakeholders on system risk posture, emerging threats, and recommended mitigation strategies; prepare concise security briefings and reports.
• Develop and deliver security training and awareness materials for system users, administrators, and engineering teams.
• Maintain currency on evolving IC and DoD cyber security standards, threats, and best practices.

Required:

• Active TS/SCI with Polygraph (current and adjudicated)
• DoD 8570 IAT Level II certification: Security+ CE or higher (SSCP, GSEC, CCNA Security, etc.)
• 5+ years of experience administering classified information systems
• 3+ years as a named ISSO supporting IC systems
• Expertise with RMF (NIST SP 800‑37/800‑53) and IC/DoD security directives, DIACAP processes
• Experience with vulnerability assessment tools, SIEM/log analysis, patch management, configuration hardening, and CM tools/processes
• Strong communication skills with experience briefing technical and non‑technical stakeholders
• U.S. Citizenship required

Preferred:

• CISSP, CAP, CISSP‑ISSMP, or equivalent advanced certifications
• Prior IC program support within classified environments
• Experience securing classified cloud environments, cross‑domain solutions, PKI, and cryptographic handling policies
• Familiarity with DevSecOps practices in classified enclaves

Education: Bachelor’s degree in Cybersecurity, Computer Science, Information Assurance, or related field preferred; equivalent education or related experience acceptable.

Physical / Other Requirements

• Ability to work onsite within secure facilities as required
• Ability to pass facility-specific checks
• Occasional travel to customer/program sites may be required

Accountability, Accountability, Action Planning, Active Learning, Active Listening, Bias, Business, Coaching, Communication, Computer Literacy, Creativity, Critical Thinking, Cross-Functional Teamwork, Data Analysis Management, Data Collection Management (Inactive), Design Thinking, Empathy, Follow-Through, Growth Mindset, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Personal Initiative, Policy and procedures, Process Improvements {+ 5 more}

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

#unitedstates

#cybersecurity

Job:

Corporate Administration

Job Level:

Master

    

"The expected salary/wage range for this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level.
– United States of America: Annual Salary USD 105,500 - 243,000 in Maryland
The listed salary range reflects base salary. Variable incentives may also be offered."

Information about employee benefits offered in the US can be found at https://myhperewards.com/main/new-hire-enrollment.html

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

No Fees Notice & Recruitment Fraud Disclaimer

 

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

 

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.