Information System Security Manager

As an ISSM, you will oversee a portfolio of FBI IT systems, provide strategic security oversight and ensure compliance with federal cybersecurity policies and risk management frameworks. You will lead a team of contractor personnel, guide system owners through the SAA lifecycle, and ensure that security controls are properly implemented, assessed, and documented. This role is critical to safeguarding FBI mission systems and maintaining the integrity of enterprise cybersecurity operations.

Duties

GS-13:

• Assist System Owners, Program Managers, and ISSOs with Security Assessment and Authorization (A&A) activities and RMF documentation requirements.
• Apply federal cybersecurity standards and guidance, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, and FISMA requirements.
• Conduct security control assessments, compliance monitoring, and vulnerability tracking in support of system authorization and continuous monitoring programs.
• Support risk remediation activities, including tracking and resolving security findings through Plan of Action and Milestones (POA&M).
• Coordinate with system stakeholders on configuration management, change management activities, and Configuration Control Board (CCB) participation.
• Provide cybersecurity recommendations and guidance to ISSMs, ISSOs, and system stakeholders regarding compliance requirements, security controls, and risk mitigation actions.

GS-14 (In addition to the above):

• Serve as a senior cybersecurity advisor to leadership, providing recommendations regarding system authorization decisions, risk posture, and security control implementation.
• Lead Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain Authority to Operate (ATO).
• Apply and interpret federal cybersecurity standards and policies, including NIST SP 800-53 Rev. 5, NIST SP 800-53A, FISMA, CNSS, and Intelligence Community security guidance.
• Manage continuous monitoring programs, including vulnerability management, configuration baseline compliance, and remediation tracking through Plan of Action and Milestones (POA&M).
• Coordinate cybersecurity activities across multiple systems or projects simultaneously, ensuring compliance with security policies and operational priorities.
• Provide strategic cybersecurity guidance and technical recommendations to senior leaders and stakeholders regarding security engineering initiatives, risk mitigation strategies, and system authorization status.

Salary

• $90,925 - $139,684/year

Conditions of Employment

• Must be a U.S. citizen.
• Must be able to obtain a Top Secret-SCI clearance.

Qualifications

GS-13: Applicant must possess at least one (1) year of SE equivalent to the GS-12 grade level. SE is defined as follows:

• Hands-on experience supporting cybersecurity compliance and RMF authorization activities for information systems. Supporting implementation of the NIST Risk Management Framework (RMF) for federal information systems, including documentation, control implementation, and authorization support.
• Knowledge of, and experience working with, the Risk Management Framework (RMF) process, either as an ISSO, ISSE, ISSR or another role.
• Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A.
• Ability to coordinate, prioritize and monitor work, including across multiple projects.
• Experience in providing recommendations to senior ISSM's, ISSO's, and ISSM Team on security and engineering projects and initiatives.

GS-14: Applicant must possess at least one (1) year of SE equivalent to the GS-13 grade level. In addition to the above, SE is defined as follows:

• Advanced experience leading cybersecurity risk management and authorization activities for federal information systems, lifecycle, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
• Leading Security Assessment and Authorization (A&A) activities and coordinating with System Owners, ISSOs, and Authorizing Officials to obtain and maintain system authorization.
• Knowledgeable of the Risk Management Framework NIST Special Publication 800-53 Rev5, FISMA, and its implementation through NIST, CNSS, IC and other government standards
• Knowledgeable of assessing the security controls in Federal Information Systems NIST SP 800-53A.
• Ability to coordinate, prioritize, and monitor work across multiple projects; in addition to providing guidance and recommendations on security and engineering projects and initiatives to leadership.

Desired Skills

Desired skills are NOT mandatory and will NOT be utilized to minimally qualify applicants. Desired Skills are:

• Excellent customer service mindset and reputation.
• Experience communicating in writing and orally.
• Preferred certification in one or more cybersecurity disciplines (e.g., CISSP, CISM, CCSP, NCSF, etc.)
• Preferred prior architecture / systems engineering experience.
• Preferred prior network, cloud system, and application development experience.

Education Education may not be substituted for specialized experience at this level. Other Information Online applications must be received before 11:59 p.m. on April 7, 2026, or when 150 applications are received, whichever comes first. To attract and retain highly qualified candidates, selectees may be eligible for a recruitment incentive of up to 20% or, for eligible current federal employees, a relocation incentive of up to 15%. Eligibility for a relocation incentive requires proof of a change in residence and an assignment at a worksite in a different geographic area greater than or equal to 50 miles from the prior worksite. Employees must sign a written service agreement completing a specified period of employment with the FBI at the new duty station. Recruitment and relocation incentives cannot be combined. Required Documents

1. Utilizing the Resume Builder, outline your relevant work experience and associated start and end dates. Uploaded resumes will not be reviewed or used for qualification purposes.
2. Other supporting documents (if applicable):
   • College transcripts, if qualifying based on education or if there is a positive education requirement.
   • Former civilian Federal employees must submit a copy of your MOST RECENT SF-50 (Notification of Personnel Action) showing your tenure, grade and step, salary, and type of position occupied (i.e., Excepted or Competitive); or similar Notification of Personnel Action documentation, i.e., Transcript of Service, Form 1150, etc. This is a requirement to verify your Time in Grade (TIG). Actions such as promotion, within grade increase, or reassignment actions must be submitted as your most recent SF 50.
   • Most recent Performance Appraisal; not applicable to current FBI employeesVeterans: DD 214; Disabled Veterans: DD 214, SF-15, and VA letter dated 1991 or later
   • Memorandum for Record (MFR): Work performed outside assigned duties (that would not normally be documented on an SF-50, i. e., back-up duties), has to be documented in detail by an immediate supervisor in order to receive full credit for amount of time worked in that position. If no documentation is furnished no credit will be given for time worked in that position. The following notations must be specified in the documentation:
     • Percent of time worked in the particular position (cannot conflict with main duties.
     • The month/year work beganFrequency worked (i.e., daily, monthly, etc.)
     • Specific duties performed

How to Apply

To apply for the Information System Security Manager position, please click here.