What are the responsibilities and job description for the Information Systems Security Officer Manager position at Tyto Athene, LLC?
Tyto Athene is searching for an Information Systems Security Officer (ISSO) Manager to support our Defense Health Agency (DHA) customer in Aurora, CO. This contract is accountable for the management and operation of the integrated set of financial management, acquisition support, contract management, and contract operations applications supporting the Procure-to-Pay, Budget-to-Report, and Order-to-Cash processes. This ISSO role is critical in safeguarding the organization's IT infrastructure and maintaining the confidentiality, integrity, and availability of information.
Responsibilities:
- Develop, implement, and enforce information security policies and procedures.
- Ensure compliance with security standards, regulations, and best practices (e.g., NIST, FISMA, HIPAA).
- Monitor and assess the effectiveness of the security program and make improvements as needed.
- Conduct security risk assessments to identify vulnerabilities in systems, applications, and networks.
- Provide recommendations to mitigate risks and protect organizational assets.
- Conduct regular vulnerability scans, security assessments, and audits.
- Oversee the detection, response, and management of security incidents and breaches.
- Analyze and investigate security incidents, identify root causes, and implement corrective actions.
- Coordinate with the Incident Response Team (IRT) and other stakeholders to resolve security threats.
- Ensure that security policies and procedures are compliant with legal and regulatory requirements.
- Perform regular compliance audits to ensure systems meet security standards.
- Provide guidance to ensure the organization's systems meet security certification requirements (e.g., ISO 27001, SOC 2).
- Develop and conduct security training programs for staff and users to promote security best practices.
- Raise awareness about phishing, social engineering, and other common security threats.
- Provide security guidance and recommendations to staff on how to safely handle sensitive information.
- Collaborate with IT teams, management, and other departments to ensure the security of organizational systems.
- Prepare regular reports on the status of the organization's security posture and any security incidents.
- Advise senior leadership on security risks and mitigation strategies.
- Responsible for managing and providing oversight to the Compliance and Continuous Monitoring teams.
Required:
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- Certifications such as CISSP, CISM, CISA, or CompTIA Security are often preferred.
- Proven experience in information security, risk management, or IT operations.
- Strong knowledge of security frameworks (e.g., NIST, ISO 27001, COBIT).
- Experience with security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, and vulnerability scanning).
- Familiarity with regulatory requirements such as FISMA, HIPAA, and GDPR.
- Experience performing Continuous Cybersecurity Monitoring, Intrusion Detection and Cyber Incident Response.
Desired:
- Cybersecurity Service Provider (CSSP) experience is preferred.
- Familiarity with the Defense Health Agency is highly desired.
Clearance: Active Secret Clearance Required
Location: Work is located 100% on government site in Aurora, CO
Benefits:
Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, Paid holidays, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and maternity/paternity leave.