Information System Security Manager (ISSM) - Rochester, NH

AEC AP is seeking an experienced Information System Security Manager (ISSM) to lead the cybersecurity operations for classified systems in support of Sensitive Activities and Special Access Programs (SAP). The ISSM will ensure compliance with all applicable governance agency cybersecurity requirements and manage accreditation and lifecycle security for critical information systems. The ISSM will also support the day-to-day cybersecurity operations of classified systems.

The ISSM will oversee the implementation of security measures and processes in alignment with the Joint Special Access Program Implementation Guide (JSIG) and Risk Management Framework (RMF). This leadership role involves close coordination with internal teams, program managers, and government security officials to ensure systems remain secure and compliant. This is also a hands-on role in development, implementation, and maintenance of cybersecurity documentation, ensure security controls are functioning properly, and contribute to continuous monitoring efforts.

This role will also act as the Information Systems Security Officer (ISSO) while the scope of the program expands to justify an additional resource.

• Develop and maintain of System Security Plans (SSPs), Risk Assessments, and POA&Ms.
• Manage security authorization packages in accordance with JSIG requirements.
• Support ongoing compliance with JSIG and RMF cybersecurity requirements.
• Ensure systems comply with all government agency cybersecurity policies and SAP-specific requirements.
• Monitor and report on system configuration, user activity, and vulnerability remediation.
• Conduct audits, manage inspections, and support security incident investigations.
• Ensure users are trained and systems are operated securely and in accordance with policy.
• Supervise personnel; provide mentorship and guidance.
• Coordinate directly with SAP program teams and customer stakeholders on security operations.
• Act as the primary security interface to government accrediting authorities.
• Coordinate closely with IT and security teams to support accreditation and audit readiness
• Support CMMC audit procedures

Formal Education & Certification

• CISSP certification (required).
• University degree in the field of computer science or information systems or equivalent work related experience.
• Active Secret clearance (required) TS preferred

Knowledge & Experience

• Minimum 5 years of experience in information systems security, including classified environments.
• Demonstrated expertise with SAP programs and JSIG implementation.
• Strong knowledge of RMF, NIST SP 800-53, NIST SP800-53, ISO 27001 and DoD 5205.07 Series.
• Excellent leadership, communication, and organizational skills.

Personal Attributes

• Strong leadership skills.
• Excellent written, oral, and interpersonal communication skills.
• Ability to conduct and direct research into IT issues and products.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated, self-directed, and attentive to detail.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Extensive experience working in a team-oriented, collaborative environment.

• Sitting for extended periods of time.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
• Occasional inspection of cables in floors and ceilings.
• Lifting and transporting of moderately heavy objects, such as computers and peripherals.