Information Systems Security Manager US

Metrea Management LLC
Victor, United States of America
18 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 160K

Job location

Victor, United States of America

Tech stack

Microsoft Word
Microsoft Excel
Systems Engineering
Microsoft Outlook
Computer Security
Information Systems
Information Technology Operations
Microsoft Office
Microsoft PowerPoint
Information Technology
Vulnerability Analysis

Job description

The Information Systems Security Manager (ISSM) is responsible for overseeing and managing Metrea's cybersecurity compliance posture in alignment with various DoD regulatory requirements and industry-recognized security frameworks. This role provides subject matter expertise in the implementation, sustainment, and continuous improvement and monitoring of security controls required under the Cybersecurity Maturity Model Certification (CMMC) program, NIST Special Publications, and applicable federal cybersecurity regulations.

The ISSM ensures that information systems handling Controlled Unclassified Information (CUI) and other sensitive data meet or exceed compliance standards, including NIST SP 800-171, NIST SP 800-53, DFARS 252.204-7012, and related DoD cybersecurity mandates. The position serves as a key interface between executive leadership, program teams, IT Operations, IT Engineering and auditors to maintain certification readiness and support mission-critical secure operations.

Key responsibilities include developing and managing Metrea's security compliance strategy, leading risk management efforts, directing security assessments, supporting incident response planning, and ensuring proper governance of cybersecurity policies and procedures. The ISSM also provides oversight of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and internal control validation efforts to support successful audits and ongoing regulatory compliance.

The ISSM plays a critical role in protecting organizational assets, ensuring contractual compliance, and enabling secure participation in the Defense Industrial Base (DIB) through a robust and defensible cybersecurity program.

What You'll Do

Role and Responsibilities

  • Lead and support Metrea's cybersecurity compliance strategy and execution for CMMC certification and ongoing sustainment requirements.
  • Ensure the implementation and continuous monitoring of security controls aligned with NIST SP 800-171, NIST SP 800-53, DoD cybersecurity mandates, and applicable regulatory frameworks.
  • Develop, maintain, and manage required compliance artifacts, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and supporting documentation for audits and assessments.
  • Coordinate internal and external security assessments, including readiness efforts supporting CMMC Level 1/2 evaluations.
  • Oversee continuous compliance monitoring, audit preparation, corrective action tracking, and remediation efforts to maintain a defensible cybersecurity posture.
  • Provide governance and oversight for enterprise cybersecurity risk management in alignment with the NIST Risk Management Framework (RMF).
  • Conduct regular risk and vulnerability assessments across Metrea's information systems, identifying and prioritizing mitigation strategies.
  • Review, manage, and monitor access control requirements across the enterprise to ensure secure system authorization and enforcement.
  • Support the review and management of security dashboards and monitoring tools to detect suspicious or anomalous activity.
  • Actively respond to, investigate, and coordinate resolution of cybersecurity incidents in accordance with established response procedures.
  • Design, enforce, and continuously improve comprehensive cybersecurity policies, procedures, standards, and guidelines.
  • Support evaluation and enhancement of cybersecurity governance processes to strengthen compliance and operational resilience.
  • Conduct periodic cybersecurity awareness training and routine simulations to improve organizational readiness and promote a culture of security across Metrea.
  • Stay current with emerging security threats, technologies, and trends to inform proactive improvements to cybersecurity posture.
  • Conduct software and systems engineering research to develop and implement new capabilities that enhance enterprise security.
  • Partner with Platform, Contracts, and Program stakeholders to ensure cybersecurity compliance across operational environments and mission requirements.
  • Generate, review, and present cybersecurity risk, compliance status, and security performance reports to senior leadership.
  • Advise executive leadership on regulatory impacts, compliance risks, and strategic cybersecurity initiatives.

Requirements

Do you have experience in Regulatory compliance? Do you have a Bachelor's degree?

  • Strong understanding of U.S. Government and Department of Defense policies, priorities, and national security-related cybersecurity requirements.
  • Moderate experience capturing customer requirements and supporting development of Statements of Work (SOW), Plans of Action and Milestones (POA&Ms), and other compliance deliverables.
  • Ability to interface effectively with industry, scientific, technology, military, policy, and finance communities to support mission and operational objectives.
  • Moderate proficiency with Microsoft Office tools (Word, Excel, PowerPoint, Outlook).
  • Demonstrated ability to troubleshoot technical issues and apply problem-solving skills in complex environments.
  • Excellent verbal and written communication skills, with strong command of the English language.
  • Confident presenter, able to engage mid-level to senior internal and external stakeholders.
  • Strong relationship-building skills and ability to collaborate effectively while sharing knowledge across teams.
  • Ability to communicate across cultures, regions, and industries, including experience working in diverse international environments.
  • Highly developed sense of judgment, maturity, discretion, and integrity.
  • Results-oriented with demonstrated strategic thinking, innovation, and adaptability in ambiguous or rapidly changing situations.
  • Intellectually curious with strong critical thinking skills and attention to detail.
  • Ability to quickly learn new environments, technologies, and subject areas.
  • Capable of working independently with little or no assistance while maintaining accountability for outcomes.
  • Strong organizational discipline, reliability, and ability to operate effectively under deadlines with accuracy.
  • Proven ability to prioritize competing demands while balancing flexibility with disciplined execution.
  • Ability to filter complex information, identify key issues, and support long-term strategic goals.
  • Experience working in highly collaborative, matrixed environments to achieve program and project objectives.
  • Capacity to balance strategic versus operational mindsets, with a strong performance orientation and ethical compass.

Additional Eligibility Qualifications

  • Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field.
  • Minimum of 5+ years of experience serving as an Information Systems Security Manager (ISSM) or in a comparable cybersecurity leadership role.
  • Experience supporting cybersecurity compliance efforts within aerospace, defense, security, government contracting, and/or logistics environments.
  • Must be a U.S. Citizen.
  • Eligible to obtain or have an active US DoD security clearance.
  • Ability to work with highly confidential and sensitive data with significant organizational impact if improperly disclosed.
  • Applicants must be legally authorized to work in the United States.

Benefits & conditions

  • Pet insurance
  • Paid parental leave
  • AD&D insurance
  • Parental leave
  • Health insurance
  • 401(k) matching
  • Paid time off

Comprehensive medical plan options

HSA/FSA accounts

Dental and vision coverage

6% employer 401(k) match

Fully paid parental leave for all new parents

Generous PTO

Life and disability insurance

Long-term and Short-term disability coverage

AD&D Coverage

Pet Insurance

Employee Assistance Program

Subsidized gym membership / plans through Wellhub

Work Authorisation/Security Clearance

About the company

Metrea delivers effects-as-a-service to national security partners across five domains and more than a dozen mission areas, including airborne ISR, electronic warfare, secure communications, aerial refueling, special mission aviation, aerial firefighting, and advanced simulation. Wherever we operate, we build vertically integrated full stacks of capability: designing, building, and operating turnkey solutions that let customers scale capacity while benefiting from continuous cycles of innovation. With operators and engineers under one roof, we close the gap between lab and field, what we call connecting design with effect. Metrea's solutions are built for elegance: effective, efficient, and evolving. This approach enables our partners to do more with less and achieve outsized, asymmetric advantage against rapidly evolving threats. Headquartered in Washington, DC, Metrea has facilities across the United States, the United Kingdom, Europe, and beyond. Metrea Management LLC is our global shared service providing support for the Capability Units (CU) in areas such as People, Finance, Legal, Strategy and Information Technology.
