Senior Manager, Cyber Assurance

The Cyber Assurance Team comprises ISSM, ISSO, and ISSE personnel who collectively ensure security compliance, authorization success, and security engineering throughout the system lifecycle. CAT members support proposal development, design reviews, system authorization, and continuous monitoring across all protection levels.

We are looking for a Senior Manager, Cyber Assurance to provide strategic and operational leadership for the Cyber Assurance Team to ensure that all program systems achieve and maintain cybersecurity authorizations, comply with applicable security policies (JSIG, ICD 503, NIST 800‑53, DoD RMF), and deliver secure engineering throughout the system lifecycle. The Manager aligns CAT activities with proposal development, design reviews, system authorization, and continuous monitoring across all protection levels (PL‑2‑4).

• Define the CAT vision, objectives, and performance metrics
• Prioritize and allocate resources across ISSM, ISSO, and ISSE tasks to meet program milestones.
• Direct the end‑to‑end RMF lifecycle (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for all classified systems.
• Ensure System Security Plans (SSP), Security Assessment Reports (SAR), and POA&Ms are authored, reviewed, and updated in coordination with the ISSM.
• Supervise, mentor, and evaluate ISSM, ISSO, and ISSE personnel; maintain certification currency and professional development.
• Conduct regular CAT meetings, status briefings, and after‑action reviews.
• Oversee the continuous monitoring program, integrating findings from Splunk, Tenable, and other security tools.
• Manage GRC platforms (eMASS, Xacta) to track security artifacts, compliance evidence, and audit trails.
• Serve as Responsible Officer (or designate an Alternate) for COMSEC operations, ensuring proper key generation, distribution, accounting, and crypto‑erase processes.
• Lead risk‑assessment workshops to identify threats, vulnerabilities, and mitigation strategies specific to each protection level.
• Direct incident‑response activities, coordinating with the ISSO, ISSE, and government incident‑response teams.
• Provide executive briefings on authorization status, security posture, and risk‑based decisions.
• Contribute security guidance and accreditation strategies during proposal development, preliminary design reviews (PDR), and critical design reviews (CDR).
• Ensure security architecture documentation is incorporated into proposal deliverables.
• Ensure zero critical POA&M items remain open beyond 90 days; drive timely closure of all findings.
• Prepare for and support government security‑assessment visits, ensuring no findings that could suspend an ATO.
• Drive and monitor vulnerability‑remediation timelines – Establish and enforce the CAT‑I (≤ 15 days), CAT‑II (≤ 30 days) and CAT‑III (≤ 90 days) remediation windows for all identified findings; implement a tracking dashboard, conduct weekly status reviews, and intervene when any ticket approaches its deadline
• 03 - (CUI) Stat... (OCR).pdf.
• Guarantee STIG compliance across the environment – Direct the team to achieve and sustain DISA‑STIG compliance scores of ≥ 95 % on every managed system, using automated configuration‑validation tools (e.g., Puppet, SCAP) and periodic audit checkpoints
• Ensure incident‑response SLAs are met – Define severity‑based response and resolution targets, supervise the incident‑response workflow, and verify that all security events are closed within the agreed‑upon SLA windows; report outliers to senior leadership and trigger corrective‑action plans.
• Implement performance‑tracking and reporting – Develop key‑performance indicators (KPIs) for each of the above areas, produce weekly and monthly status briefs for the ISSO/ISSM and the USG Digital‑Infrastructure Working Group, and adjust resources or processes proactively to meet contractual obligations.

• Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).
• 8+ years of progressive cyber‑security leadership experience in DoD or classified environments.
  Certifications
• AM/IAT Level III (CISSP, CASP+, CISM, or equivalent).
• Additional certifications such as PMP, CISSP‑ISSAP, or CIPP are a plus.
• Deep knowledge of JSIG, ICD 503, NIST 800‑53, DoD RMF (DoDI 8510.01).
• Proven success obtaining ATO/IATT/IATO for PL‑2‑4 systems on NIPR, SIPR, and JWICS networks.
• Familiarity with SAP security, compartmented access controls, and COMSEC key management.
• Experience leading cross‑functional security teams (ISSM, ISSO, ISSE).
• Strong communication and stakeholder‑management abilities to interface with DISA, NSA, DIA, service CIOs, and government ISSMs.
• Active DoD Secret (TS/SCI‑eligible) clearance.