Tyto Athene is seeking a Cloud Information System Security Manager (ISSM) to lead cybersecurity compliance and authorization efforts across multiple cloud environments. This role is responsible for maintaining FedRAMP and DoD RMF authorizations, ensuring continuous compliance with federal security requirements, and supporting cloud-based systems throughout their lifecycle.

The ISSM will oversee security documentation, risk management activities, vulnerability assessments, POA&M management, continuous monitoring, and authorization activities within FedRAMP and eMASS. Working closely with system owners, engineers, and government stakeholders, the ISSM will serve as the primary cybersecurity advisor for cloud programs, ensuring security controls are implemented, assessed, and maintained in accordance with FedRAMP, NIST, and DoD requirements.

This position requires experience supporting cloud-based ATOs, managing security compliance efforts, coordinating audits and assessments, and maintaining secure cloud operations in regulated federal environments.

Responsibilities:

• Serve as the designated ISSM for the system boundary and maintain cybersecurity for cloud architecture.
• Ensure that Information Owners (IOs) and stewards associated with DoD or FedRAMP information received, processed, stored, displayed, or transmitted on each cloud system are identified in order to establish accountability, access approvals, and special handling requirements.
• Maintain all cybersecurity-related documentation, compliance requirements, objectives, policies, personnel, and cybersecurity processes and procedures.
• Manage all cloud system POA&M items in the FedRAMP and eMASS systems and ensure continuous monitoring requirements are met.
• Ensure that incident response and contingency plans, tests, and reviews are synchronized and coordinated with affected parties and organizations.
• Ensure implementation of information system (IS) security measures and procedures, including reporting incidents to the Agency PMO and appropriate reporting chains, and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 4, for CUI.
• Act as a cybersecurity technical advisor for stackArmor Agency projects.
• Ensure that cybersecurity-related events or configuration changes that may impact stackArmor cloud systems' authorization or security posture are formally reported to the Authorizing Official (AO) and other affected parties, such as IOs, stewards, and AOs of interconnected DoD ISs.
• Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.
• Review FedRAMP and DoD Provisional Authority (PA) artifacts to understand the risk that the AO will inherit for the customer and represent the organization in audits, assessments, and agency reviews.

Required:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field

  • Candidates with a bachelor's degree in another discipline may be considered with relevant cybersecurity experience and applicable certifications.

• DoD 8570.01-M /DoD 8140 IAM Level II/ III certification:
  • CISSP
  • CAP
  • CISM
  • CASP+ (SecurityX)
  • CCISO
• 8+ years of experience in cybersecurity, information assurance, information system security engineering (ISSE), or information system security management (ISSM) roles supporting federal or DoD environments.
• Demonstrated experience supporting cloud-based cybersecurity and authorization efforts, including FedRAMP and DoD cloud security requirements.
• Experience managing and maintaining Authority to Operate (ATO) packages within the Risk Management Framework (RMF).
• Working knowledge of FedRAMP authorization processes and DISA Cloud Access Point (CAP) requirements.
• Experience implementing and assessing NIST SP 800-53 security controls and supporting RMF activities in accordance with DoD 8510.01.
• Experience conducting security assessments, vulnerability management, and continuous monitoring activities using tools such as ACAS and SCAP.
• Knowledge of DISA Security Technical Implementation Guides (STIGs), Security Requirements Reviews (SRRs), and compliance validation processes.
• Familiarity with DoD cybersecurity policies, directives, and information security regulations.
• Demonstrated experience performing security risk assessments, threat modeling, vulnerability analysis, and risk mitigation planning.
• Experience supporting compliance efforts related to RMF, FISMA, FedRAMP, and NIST cybersecurity standards and guidance.
• Experience leading multiple cloud or enterprise systems through initial ATO and subsequent reauthorization activities, including direct interaction with Authorizing Officials (AOs), Security Control Assessors (SCAs), and government stakeholders.
• Experience managing authorization activities within eMASS.

Desired:

• Experience supporting FedRAMP Moderate or High cloud environments.
• Working knowledge of cloud service models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
• Hands-on experience supporting cloud environments within AWS.
• Experience using GitLab to support secure software development and DevSecOps processes.
• Experience leveraging Splunk or similar SIEM platforms for security monitoring, incident investigation, and compliance reporting.
• Experience developing Assessment & Authorization (A&A) documentation from inception, including SSPs, SARs, POA&Ms, Contingency Plans, and related RMF artifacts.
• Experience supporting security assessments, control validation activities, and authorization reviews in federal or DoD environments.
• Familiarity with DevSecOps, Infrastructure as Code (IaC), and cloud-native security practices.
• Additional certifications:
  • CCSP (Certified Cloud Security Professional)
  • CRISC (Certified in Risk and Information Systems Control)
  • AWS Certified Security – Specialty, AWS Solutions Architect, or other relevant AWS certifications
  • GIAC certifications (GSEC, GCLD, GSLC, GCSA, or similar)
• Strong analytical, critical thinking, and problem-solving skills.
• Ability to manage multiple priorities and deadlines in a fast-paced environment.
• Excellent written and verbal communication skills, including the ability to communicate technical concepts to both technical and non-technical stakeholders.
• Demonstrated ability to work independently while collaborating effectively across engineering, operations, and compliance teams.

Clearance: DoD/DoW Secret clearance is required

Location: US Remote, must be willing to work east coast hours

Compensation:

• Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $140,000-$170,000 This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.