Custom Computer Specialists
Virtual Information Security Systems Manager (vISSM)
Custom Computer Specialists, Raleigh, North Carolina, United States, 27601
Overview
The Virtual Information Systems Security Engineer (ISSE) is responsible for designing, implementing, and maintaining cybersecurity architectures that meet federal compliance standards while protecting client environments across multiple sectors. This role encompasses the full range of responsibilities typically held by an in‑house Information Systems Security Manager (ISSM), with the added challenge of supporting multiple clients under diverse compliance frameworks.
The ISSE will play a key role in advancing CCS’s defense compliance program and driving the continuous growth of our cybersecurity practice. The position requires deep knowledge of DFARS, NIST guidelines, NISPOM, and CMMC, as well as the ability to tailor technical and compliance solutions to each client’s operational and regulatory requirements.
Key Responsibilities
Serve as the primary cybersecurity engineer and compliance advisor for clients operating under DFARS 252.204-7012, NIST SP 800-171/53, NISPOM, and CMMC 2.0 frameworks.
Design, implement, and document secure architectures balancing compliance, risk management, and operational efficiency.
Develop, maintain, and review System Security Plans (SSPs), POA&Ms, and Incident Response Plans aligned with DoD and NIST standards.
Conduct gap analyses and readiness assessments for CMMC 2.0 and NIST SP 800-171 control compliance.
Develop and assist clients with implementing security policies, procedures, and awareness training programs.
Identify and mitigate cybersecurity risks and vulnerabilities across client environments.
Collaborate with defense compliance and vCISO teams to implement secure system configurations and continuous monitoring programs.
Support system authorization and accreditation processes (RMF / NISPOM / CMMC).
Build and maintain POA&Ms and assist with remediation planning and execution.
Participate in client security governance processes, reporting status and recommendations to stakeholders.
Evaluate and recommend new technologies, tools, and configurations to enhance compliance and security posture.
Guide clients through external audits, assessments, and certification activities.
Gain knowledge/expertise in the handling of FOCI-mitigated clients and associated compliance requirements.
Prepare and present technical findings and risk reports to executive and nontechnical audiences.
Perform other job‑related duties as assigned.
Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
Extensive knowledge of:
DFARS 252.204-7012 and related DoD cybersecurity mandates.
NIST SP 800-171, NIST SP 800-53, and supporting frameworks.
National Industrial Security Program Operating Manual (NISPOM).
CMMC 2.0 maturity levels, domains, and practices.
7+ years of experience in IT administration and security engineering.
5+ years working in the defense sector supporting compliance or accreditation efforts.
2+ years of experience administering Office 365 GCC High / Azure Gov Cloud environments.
Familiarity with Cisco, Meraki, and Fortinet network products.
Experience with VMware, Veeam, Microsoft Windows Server, and related management tools.
Experience with vulnerability management (e.g., Nessus, Qualys), SIEM, and endpoint protection platforms.
Knowledge of RMF, STIGs, and DISA hardening standards.
Strong written and verbal communication skills; able to translate technical findings into business context.
US Citizenship required; ability to obtain or maintain DoD security clearance (Secret or higher).
Certifications
Required / Strongly Preferred:
CISSP, Cyber AB CCP/CCA, or equivalent.
Preferred:
CISM or CISA
CCSP or Azure Security Engineer Associate
CAP (Certified Authorization Professional)
CMMC Certified Professional (CCP) or CMMC Assessor (CCA)
Compensation & Benefits
Competitive compensation based on experience and certifications.
Flexible remote schedule and client engagement model.
Opportunities for professional growth within a rapidly expanding cybersecurity and compliance practice.
Access to ongoing CMMC/DFARS/NIST training, certification pathways, and mentorship programs.