Qualis, LLC is seeking a skilled Information Systems Security Manager (ISSM) to join our Advanced Technology Group at our Huntsville, AL office. In this role, you will oversee the implementation of comprehensive cybersecurity and information assurance strategies for our programs. The ISSM will be responsible for ensuring compliance with Federal laws, Department of Defense (DoD) requirements, and applicable frameworks, including the Risk Management Framework (RMF) and NIST standards. This role involves managing the accreditation of software, systems, and networks, supporting the delivery of Authorizations to Operate (ATO), Interim Authority to Test (IATT), and Assess Only (AO) authorizations. The ideal candidate will have extensive experience in information assurance, cybersecurity assessments, risk management, and documentation preparation for accreditation and compliance. This is a key position that ensures the security and integrity of our information systems while meeting mission-critical objectives.

Responsibilities:

Manage and oversee a robust Risk Management Framework (RMF) compliance program in accordance with DoD requirements, NISPOM/DAAPM, JSIG, ICD 503, STIGs, and NIST publications (e.g., SP 800-37, SP 800-53).Obtain and maintain Authority to Operate (ATO), Interim Authority to Test (IATT), and Access Only (AO) approvals for software, information systems, and networks by preparing and delivering required documentation and artifacts.Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other essential security documentation.Perform continuous monitoring of systems, including weekly or monthly security control reviews, vulnerability management, and system audits.Provide security design guidance, analysis, and technical recommendations throughout the RMF process, ensuring compliance with cybersecurity standards and addressing vulnerabilities.Coordinate and collaborate with system owners, engineers, security officers, and stakeholders to ensure compliance with cybersecurity regulations and mission objectives.Conduct and support technical security assessments, such as cybersecurity scans, site surveys, and Security Impact Assessments (SIAs) for system changes.Support the accreditation and authorization of systems, equipment, and networks by modifying configurations to comply with government cybersecurity constraints.Oversee incident response, secure configuration management, event management, and account management processes.Prepare for and support internal and external cybersecurity reviews, inspections, and audits (e.g., DCSA visits, self-inspections).Utilize tools such as the Enterprise Mission Assurance Support Service (eMASS) to manage system authorizations and compliance.Lead the development and execution of cybersecurity policies, procedures, and education/awareness programs.