Cloud Information System Security Manager ISSM - Tyto Athene

Key Responsibilities

• Maintain and renew FedRAMP and DoD RMF authorizations for cloud‑based information systems.
• Develop, update, and manage security documentation, including SSPs, POA&Ms, and continuous monitoring plans.
• Conduct risk assessments, vulnerability scans, and remediation tracking to ensure ongoing compliance.
• Coordinate with system owners, engineers, and government stakeholders to implement security controls and resolve findings.
• Manage eMASS inputs, reporting, and audit readiness activities.
• Provide security guidance throughout the system development lifecycle and support incident response as needed.

Requirements

• 5+ years of experience in cloud security and federal compliance (FedRAMP, DoD RMF).
• Hands‑on experience with eMASS, continuous monitoring tools, and vulnerability management processes.
• Strong knowledge of NIST SP 800‑53, NIST RMF, and related federal security frameworks.
• Proven ability to produce and maintain security plans, POA&Ms, and risk assessments.
• Excellent communication skills for interfacing with technical teams and government auditors.