ISSM - RMF SME

Zachary Piper Solutions is seeking a Senior Information Systems Security Manager (ISSM) and Risk Management Framework (RMF) Subject Matter Expert (SME) to support mission‑critical capabilities for a major Department of Defense customer. This role operates within a pioneering and highly complex defense technology environment, requiring a seasoned cybersecurity professional to lead and oversee RMF implementation, cybersecurity engineering, and authorization activities across system lifecycles. The ISSM will be accountable for maintaining system security posture, advising senior DoD leadership, and safeguarding sensitive information critical to national security. To be successful in this role, candidates must demonstrate in‑depth knowledge of statutory and regulatory guidance, including:

• DoD Instruction 8500.01 (Cybersecurity)
• DoD Directive 8140.03 (Cyber Workforce)
• DoDI 8570 / 8140 IA Workforce requirements
• NIST SP 800-37 Rev. 2 (Risk Management Framework)
• NIST SP 800-53
• NIST SP 800-160 (System Security Engineering)

Key Responsibilities:

• Serve as the primary cybersecurity authority responsible for integrating System Security Engineering (SSE) principles throughout system design, development, and operational processes.
• Provide expert guidance on RMF implementation, authorization strategies, and enterprise risk management for a major DoD program.
• Oversee and validate system security architectures, including authorization boundaries, trust zones, data flows, and external system interfaces.
• Analyze system designs to identify security gaps, attack vectors, and architectural weaknesses; recommend engineering‑based mitigations.
• Conduct and oversee risk assessments, threat modeling, attack surface analyses, and mission impact evaluations.
• Lead Continuous Monitoring (ConMon) activities, including ACAS, SCAP, STIG compliance, and system telemetry integration.
• Perform and oversee Security Impact Analyses (SIA) for system changes, technology refreshes, and new capability integration.
• Support agile authorization and continuous ATO (cATO) approaches; experience with Operation Vulcan Logic (OVL) is a plus.
• Develop and implement incident response and system reconstitution procedures

Required Qualifications:

• Active Top Secret clearance with SCI eligibility
• Bachelor’s degree in Computer Science, Information Technology, or a related field
  • Master’s degree preferred or 10+ years of equivalent experience
• 10+ years of cybersecurity experience, including senior technical or leadership roles
• Experience supporting OSD, DoD components, or military organizations
• Demonstrated experience advising Senior Executive Service (SES)–level stakeholders
• Hands‑on experience with eMASS, Xacta, or similar GRC tools
• Experience with Federal and FedRAMP A&A processes
• Strong background in:
  • RMF and authorization
  • Cybersecurity engineering
  • Systems engineering
  • Risk management and compliance
• Excellent written and verbal communication skills, including senior‑level briefings
• Experience authoring cybersecurity policies, procedures, and implementation guides

Compensation:

**Depending on experience**