IT Security Manager

Techflow, Inc.

The Role

Overview

Lead federal cybersecurity, manage controls, ATO, POA&Ms and compliance.

Key Responsibilities

  • security reporting
  • ATO management
  • POA&M tracking
  • cybersecurity guidance
  • incident response
  • risk assessment

Tasks

  • Prepare and deliver regular security status reports, dashboards, and briefings to leadership and the customer
  • Lead preparation, documentation, and submission activities to support system Authorization to Operate (ATO) and ongoing authorization processes
  • Manage and track Plans of Action and Milestones (POA&Ms) to ensure timely remediation of identified vulnerabilities and audit findings
  • Provide cybersecurity guidance to development and operations teams to ensure secure design, configuration, and deployment of applications
  • Champion a culture of cybersecurity awareness and continuous improvement across the program team
  • Maintain system security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Continuous Monitoring Plans
  • Serve as the primary cybersecurity lead for the program, overseeing implementation, assessment, and continuous monitoring of security controls for applications managed by the CPIC PMO
  • Oversee incident response procedures, ensuring rapid identification, investigation, and mitigation of cybersecurity events
  • Conduct risk assessments, vulnerability scans, and security reviews to proactively identify and address potential threats
  • Monitor compliance with change management and configuration control procedures to maintain system integrity
  • Ensure compliance with federal cybersecurity standards and frameworks, including FISMA, NIST SP 800-53, and the Risk Management Framework (RMF)
  • Coordinate with the customer's Information System Security Officer (ISSO), system owners, and other stakeholders to maintain security authorization and compliance

Requirements

  • Nessus
  • Splunk
  • NIST
  • 8+ years
  • CISSP
  • cloud security

What You Bring

  • Excellent communication and leadership skills with the ability to brief executives and collaborate across technical and non-technical teams
  • Familiarity with tools such as Nessus, Splunk, AWS Security Hub, or equivalent monitoring and assessment platforms
  • Deep knowledge of federal cybersecurity frameworks, including FISMA, NIST SP 800-53, NIST RMF, and FedRAMP
  • 8+ years of progressive experience in IT security management or cybersecurity operations within federal environments
  • U.S. Citizenship and ability to obtain or maintain a Public Trust clearance required
  • Experience working with ISSOs, auditors, and federal compliance stakeholders
  • Immediate vesting
  • Demonstrated experience supporting system authorization (ATO) activities and managing POA&Ms
  • Strong understanding of cloud security, access control, and data protection principles
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline (Master's preferred)
  • Proven ability to lead incident response, vulnerability management, and continuous monitoring processes
  • Security certifications required: CISSP, CISM, or CAP (other relevant credentials such as Security+ or CEH are a plus)

Benefits

  • Paid time off
  • Pet Insurance
  • Legal Shield and Identity Theft protection plans
  • Company-paid Life & AD&D insurance plan
  • Eligibility for an employer match
  • Voluntary benefits include:
  • 401k plan with Roth option
  • Comprehensive medical, dental, and vision plans
  • Life & AD&D Insurance for employee, spouse, and children
  • Holidays - 11 paid holidays per year
  • Employee stock ownership plan (ESOP) - Pride in being an employee-owner and annual employer contribution (per plan guidelines)
  • Wellness Resources
  • Short-term and long-term disability (per plan guidelines)
  • Company-paid training and development program
  • Employee Assistance Program

The Company

About Techflow, Inc.

  • Founded in 1995 amid the dot‑com boom, the firm began by modernizing systems for clients like DreamWorks, Toshiba and MGM.
  • Headquartered in San Diego with a coast‑to‑coast footprint, including DC and Idaho, it blends digital, platform, energy & maintenance expertise.
  • The company delivers advanced IT modernization, predictive analytics, EV infrastructure, cybersecurity and proactive maintenance.
  • Its Platform Services division keeps critical assets mission‑ready through lifecycle support, analytics and field logistics.
  • Energy & Mobility teams lead Net Zero strategy, EV planning/installation and secure energy simulation work.

Sector Specialisms

Digital Services

Logistics

Energy

Operations & Maintenance

Platform Services

Mission Services

Energy and Mobility Solutions

Base Management/Logistics

Cloud Computing

Mobility Solutions

Energy and Sustainability

IT Services and Consulting

Defense and Military Support

Platform Integration