Information System Security Officer (ISSO)

Cumberland Additive, Inc.
Pflugerville, United States of America
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Pflugerville, United States of America

Tech stack

Audit Trail
Backup Devices
Configuration Management
Computer Security
Information Systems
Information Security Management
Data Streaming
Software Vulnerability Management
Data Logging
Information Technology
Plan of Action and Milestones

Job description

The Information System Security Officer (ISSO) is responsible for leading, maintaining, and continuously improving the organization's cybersecurity compliance program. The position serves as the primary coordinator for CMMC Level 2 activities and works across all departments to ensure cybersecurity remains integrated into normal business operations., * Serve as the primary owner and coordinator of the CMMC Level 2 compliance program and C3PAO assessment

  • Maintain cybersecurity policies, procedures, documentation, and assessment
  • Coordinate internal reviews, corrective actions, and continuous improvement
  • Partner with the MSP and internal IT resources to ensure technical security controls remain effective and aligned with business needs.
  • Support the protection of Controlled Unclassified Information (CUI) and related information
  • Work with Quality to integrate cybersecurity into the quality management system.
  • Support external assessments and cybersecurity-related compliance
  • Provide cybersecurity awareness, guidance, and training across the
  • Monitor regulatory and contractual cybersecurity requirements and recommend

Key Deliverables

  • Current SSP with accurate system scope, boundary, asset inventory, data flows, control narratives, and
  • Current POA&M with ownership, due dates, risk notes, remediation status, and closure
  • CMMC Level 2 evidence library mapped to applicable practices and assessment
  • Recurring control review calendar and completed review
  • CUI handling procedure, CUI flow map, and department-specific work
  • Training matrix and completion records for cybersecurity awareness, CUI handling, and user
  • Internal audit results, corrective actions, and management review inputs related to
  • Supplier and external service provider records relevant to CUI handling and cybersecurity

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or Information Systems preferred. Equivalent combinations of education, certifications, and relevant work experience may be considered.

  • Minimum 2 years of demonstrated cybersecurity or information technology experience supporting CMMC Level 2, NIST SP 800-171, DFARS 252.204-7012, or equivalent CUI cybersecurity compliance requirements; experience in an AS9100D or regulated manufacturing environment preferred.

  • Working knowledge of CUI handling, access control, MFA, endpoint protection, vulnerability management, incident response, configuration management, backup validation, logging, and account lifecycle management.

  • Ability to create and maintain SSPs, POA&Ms, policies, procedures, evidence libraries, audit records, and corrective action

  • Experience coordinating across IT, Quality, Engineering, Operations, HR, Purchasing, Contracts, and external service

  • Strong documentation discipline and ability to translate cybersecurity requirements into practical manufacturing

  • Ability to conduct internal reviews, identify gaps, assign corrective actions, and verify closure

Benefits & conditions

Pulled from the full job description

  • Health insurance
  • 401(k) matching
  • Vision insurance
  • Dental insurance
  • Life insurance
  • Disability insurance

Apply for this position