Information System Security Manager

Ready for What's Next? Kratos is a leader in assured aerospace communication solutions and services. We are cutting-edge innovators and creative problem solvers working collaboratively to solve our customers toughest challenges. Our culture is fast-paced and innovative. We are a trusted partneridriven by doing the right thing and achieving maximum success for our customers, our partners and ourselves.iKratos is looking for an ISSM to lead and support other cybersecurity professionals in the execution of information assurance programs and will support other IT teams in implementing security measures. This is accomplished in compliance with CMMC and Risk Management Framework policies and procedures such as System Security Plans, Risk Assessment Reports, Plans of Actions and Milestones, Assessment & Authorization packages, and Security Control Traceability Matrices. The ISSM will maintain an operational security posture and ensure security policies, standards, and procedures are established and followed. The ISSM will perform vulnerability and risk assessment analyses to support Assessment & Authorization and will provide configuration management for security software, hardware, and firmware.

While the primary location for this role is Kratos Orlando office, candidates should be prepared to support future classified projects at other company locations as needed. These assignments will be based on project requirements and may involve collaboration with cross-functional teams across multiple sites. The candidate must be comfortable coordinating with and receiving support from remote personnel, including cybersecurity specialists, system administrators, and compliance experts. The Orlando office is a dynamic and expanding hub, routinely taking on new and evolving projects that demand expertise in CMMC, NIST SP 800-171, and NIST SP 800-53 standards. This environment offers multiple opportunities for professional growth, exposure to cutting-edge cybersecurity initiatives, and the chance to contribute meaningfully to national security efforts.

This position is based on multiple DoD Directives; including DoD 5205.07 volumes 1-4; DoDD 5205.02E; DoDI 5025.01, 5205.11, 5200.39, 5220.22, DoDM 3305.13; DoD 8140 series; NIST 800 series special publications; Executive Orders 13556 and 13636, and DISA Security Technical Implementation Guides.

Applicants selected could be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required. Travel to customer sites and other program locations will be required.

Primary Responsibilities:

As a cybersecurity professional supporting government programs, you will play a critical role in safeguarding systems and ensuring compliance with federal security standards. Responsibilities include:

Cybersecurity Program Management

• Develop, implement, and maintain a comprehensive cybersecurity program in coordination with government clients.
• Create and manage security policies, procedures, and documentation aligned with applicable directives and publications.
• Maintain current knowledge of system functions, technical safeguards, and operational security measures.

Security Authorization & Compliance

• Collaborate with government sponsors and ISSMs to conduct security authorization reviews and develop assurance cases for new systems and networks.
• Ensure compliance with security policies and enforce system requirements, including data ownership responsibilities.
• Review system changes and assesses their impact on overall security posture.

Monitoring, Auditing & Risk Management

• Develop and execute a continuous monitoring plan to ensure ongoing system integrity.
• Conduct security self-inspections, audits, and periodic testing to evaluate vulnerabilities and compliance.
• Analyze audit logs and reports, escalate anomalies, and recommend corrective actions.
• Document and report unresolved or serious security violations to appropriate authorities.

Incident Response & Recovery

• Lead execution of the cyber incident response plan during security events.
• Coordinate with stakeholders to manage incidents and maintain vulnerability compliance.
• Oversee system backup and recovery processes to ensure restoration of security features.
• Provide guidance on secure data purging and release procedures.

Training, Access Control & Personnel Oversight

• ISSOs are formally appointed, trained, and assigned duties appropriate to their expertise.
• Develop and implement a security education, training, and awareness program for all users.
• Verify user access requirements, including clearance, authorization, and need-to-know, prior to granting system access.
• Assume ISSO responsibilities when no ISSO is assigned to a system.

• 5i7 years of hands-on cybersecurity experience
• Minimum 3 years serving as an ISSM or in a supervisory cybersecurity role
• Proven background working within DoD or Federal Government information system environments
• Demonstrated expertise in CMMC compliance and implementation
• In-depth knowledge of the DISA Risk Management Framework (RMF)
• Current CISSP, CISM, or equivalent industry-recognized certification
• Proficiency with eMASS, XACTA, or similar government-authorized cybersecurity platforms
• Strong command of performance metrics, with a track record of optimizing operational efficiency
• Ability to stay ahead of industry trends, emerging technologies, and regulatory shifts
• Proven success in risk management, including vulnerability identification and mitigation
• Exceptional communication skills, both written and verbal, across technical and non-technical audiences
• Confident in briefing senior leadership and external stakeholders
• To work at this facility, you must be a US person

Preferred Skills and Experience

• Experience in Business Continuity and Disaster Recovery (BC/DR) planning and execution
• Familiarity with tools like ACAS, Graylog, Nessus, Splunk, or similar platforms
• Working knowledge of the Zero Trust security framework, especially in DoD applications
• Background supporting complex training simulation systems and mission-critical infrastructure
• Proficiency in Linux system administration
• Hands-on experience with Agile methodologies and tools such as Jira and Confluence
• Practical knowledge of AWS, including FedRAMP compliance and cloud security best practices
• Active Secret (or higher) Security Clearance

#LI-Onsite

Kratos is valued for our ability to design and deliver leading edge, resilient solutions for aerospace communication, control, awareness and mission success across a continuum of offeringsifrom commercial to tailored custom solutions and integrated programs. Customers trust us to stay relevant and know we are in it for the long-haul. We bring both the capability and confidence that our customers value and depend on. And, we always deliver.

This posting will close within 90 days from the Posting Date. i