Scale AI
Information System Security Manager (ISSM), Public Sector
Scale AI, Washington, District of Columbia, US, 20022
Scale AI is seeking an experienced security and compliance professional to support Assessment and Authorization and agency audit activities for Scale’s products offered in the US Government and global Public Sector.
Key Responsibilities
Lead public sector security compliance projects and audits (FedRAMP HIGH, DoD Cloud Computing SRG IL4/IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)
Collaborate with product, engineering, security, operations, people operations, and legal to implement new technical, administrative, and operational controls
Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
Ensure implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
Serve as liaison between system owners and other security personnel to effectively implement and maintain security controls throughout project lifecycle
Develop, maintain, review, and update system security documentation continuously
Conduct vulnerability scans and develop Plan of Action and Milestones (POAMs), coordinate correction or mitigation actions, and track POAM completion
Coordinate system owner concurrence for correction or mitigation actions and monitor security controls for ATO
Upload security control evidence to Governance, Risk, and Compliance (GRC) application (eMASS or Xacta)
Lead Risk Management Assessment and Authorization (A&A) processes for deployments
Perform cloud system risk assessments, enhance process workflows, and develop new processes
Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides, and ensure timely installation of all available patches
Create and maintain ATO packages
Lead security compliance reviews for new products, changes, and features
Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies
Develop and provide training to improve security awareness and knowledge for all employees and contractors
Required Qualifications
Active US Top Secret security clearance with a minimum DoD 8570 IAT Level II certification (Security+, CASP+, or similar)
Ideally you’d have
Experience implementing and maintaining frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-53, NIST 800-171, CMMC.
STIG/RMF policy knowledge and implementation; validating compliance via ACAS (Assured Compliance Assessment Solution) and other relevant tests.
Experience in project management and taking projects from conception to launch.
Ability to translate between business and technical risk and communicate clearly to leadership.
Excellent organizational and communication skills.
Understanding of cybersecurity controls for cloud service providers.
Knowledge of AWS and other government authorized cloud services.
5+ years of security compliance or technology audit related experience.
Nice-to-haves
Bachelor’s degree in accounting, information systems, computer science, or a related field.
Metadata Seniority level: Mid‑Senior level | Employment type: Full‑time | Job function: Information Technology | Industries: Software Development