(651) Senior Information Security Systems Manager

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Overview 

Seeking an RMF Sr. Information Security Systems Manager (ISSM) and Subject Matter Expert to support mission critical Office of the Undersecretary of War for Research and Engineering (OUSW (R&E) capabilities within all facets of the RMF.  This pioneering domain presents unique challenges, necessitating skilled ISSMs to maintain system security and oversee cyber implementation. The role demands accountability for upholding security standards across the organization, navigating the evolving landscape of defense technology and safeguarding sensitive information crucial to national security. To be successful in this position the candidate must possess a firm understanding of statutory guidance such as statutory guidance including 570.01 (Information Assurance Workforce Improvement Program), DoWI 8500.01 (Cybersecurity), DoW Directive 8140.03 (Information Systems Security Manager – DoW Cyber Exchange), and NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations). 

Successful candidates should be able to:

• Expertly Implements and Manages Cybersecurity Controls: Implement and manage controls across all system lifecycle phases, ensuring alignment with DoW 8500.01 and NIST 800-53 requirements to maintain robust security posture, tailored risk mitigations, and full alignment with DoW cybersecurity directives and OVL processes.
• Security Policy Development: Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.
• Risk Management: Conduct risk assessments and identify potential vulnerabilities and threats to information systems. Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents.
• Security Planning and Implementation: Collaborate with system administrators, network administrators, and other stakeholders to plan and implement security measures for information systems. This includes establishing security controls and standards for information systems including Continuous Monitoring.
• Incident Response and Management: Develop and implement incident response procedures to reconstitute system operations to address security incidents and breaches.
• Assurance and Resiliency: Ensure compliance with relevant security standards, regulations, and frameworks. Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement.
• Security Documentation and Reporting: Maintain accurate and up-to-date security documentation, including security plans, risk assessments, and incident reports. Provide regular reports to management on the status of information security and any identified risks or vulnerabilities.

Work Location: Full-Time Onsite (Mark Center, DMV)

Clearance: Top Secret with SCI eligibility

Job Responsibilities and/or Success Factors

• Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program.
• Serve as the primary cybersecurity authority responsible for integrating System Security Engineering (SSE) principles into system design, development, and operational processes to ensure systems are secure by design and aligned with mission requirements.
• Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoW senior leadership.
• Reporting of status and metrics for body of evidence and authorization conditions.
• Develop and implement security policies, procedures, and guidelines to ensure compliance with applicable laws, regulations, and industry best practices.
• Conduct risk assessments and identify potential vulnerabilities and threats to information systems, to include threat modeling, attack surface analysis, and mission impact evaluation.
• Develop and implement risk mitigation strategies and controls to minimize the impact of security incidents, ensuring alignment with system architecture and engineering design.
• Oversee and validate system security architecture, including authorization boundaries, data flows, trust zones, and external system interfaces (ISAs), ensuring alignment with DoW 8500.01 and NIST 800-53.
• Collaborate with system administrators, network administrators, engineers, and developers to plan, design, and implement security measures for information systems, ensuring security controls are engineered into solutions and not applied post-development.
• Ensure integration of cybersecurity within DevSecOps pipelines, including validation of secure coding practices, automated scanning (SAST/DAST), and software supply chain risk management.
• Develop and implement incident response procedures to reconstitute system operations and address security incidents and breaches.
• Ensure compliance with relevant security standards, regulations, and frameworks while validating technical control implementation effectiveness across the system lifecycle.
• Conduct periodic security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement, ensuring alignment between control implementation and assessment outcomes.
• Lead and manage Continuous Monitoring (ConMon) activities, including oversight of ACAS, SCAP, STIG compliance, and system telemetry integration to detect and respond to security posture drift.
• Perform and oversee Security Impact Analyses (SIA) for system changes, technology refresh, and new capability integration to determine impact on authorization status and required actions.
• Maintain accurate and up-to-date security documentation, including security plans, risk assessments, architecture artifacts, and incident reports.
• Provide regular reports to the Government customer on the status of information security, risk posture, and any identified vulnerabilities or operational risks.
• Provide support regarding the DoW’s agile authorization. Experience with Operation Vulcan Logic (OVL) processes a plus.
• Ensure systems are:
• Secure by design
• Continuously monitored
• Objectively assessed
• Defensible to the Authorizing Official (AO)
• Should have a strong background in information security, systems engineering, risk management, and compliance.
• Strong client focus and commitment to continuous improvement, ability to proactively network and establish relationships.
• Manage multiple priorities in a high-paced and fast-changing environment.
• Perform other duties as assigned or required.

Successful candidates should be able to: (Enhanced Section)

• Expertly implement and manage cybersecurity controls across all system lifecycle phases, ensuring alignment with DoW 8500.01 and NIST 800-53 requirements.
• Apply System Security Engineering (SSE) principles (NIST 800-160) to ensure security is embedded within system architecture, design, and implementation.
• Translate cybersecurity requirements into technical engineering solutions and system configurations.
• Analyze system architectures to identify security gaps, attack vectors, and design weaknesses, and recommend engineering-based mitigations.
• Oversee integration of Zero Trust principles, identity management (ICAM), and encryption solutions within system environments.
• Ensure effective implementation of Continuous Monitoring strategies, including automated data collection, analysis, and reporting.
• Interpret assessment results and translate findings into actionable engineering and risk mitigation strategies.
• Support DevSecOps and continuous ATO (cATO) approaches through automation, tooling, and integration of security into development pipelines.

Education and Minimum Qualifications

• Must have an active Top Secret with SCI eligibility
• Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience)
• At least 10+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP
• Experience working with OSD leadership or Military component or branch.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.