Information System Security Manager (ISSM)

Company Overview 
Hexagon US Federal is a proxy-governed subsidiary of Hexagon AB providing an ever-expanding portfolio of Hexagon Technologies to U.S. Federal Government organizations, including defense and intelligence agencies, to meet a variety of mission requirements. With our unique capabilities and experience, we transform state-of-the-art commercial technology into mission-specific solutions for our customers, partnering with them to solve their most challenging problems.
Quick Hits 
Employees: 200
Operating Locations: Chantilly, VA (HQ); Huntsville, AL; Lanham, MD, and other client sites across the US 

We are seeking an Information System Security Manager (ISSM) in Huntsville, AL.
 
A Day in the Life of an Information System Security Manager:
As an Information System Security Manager at Hexagon US Federal, you will be expected to provide strategic cybersecurity leadership, lead and prioritize staff, and drive enterprise RMF execution and ATO sustainment across DoD environments.
  • Serve as the principal cybersecurity advisor to senior leadership, translating technical risk into mission and operational impact to support informed risk decisions.
  • Direct cybersecurity resource planning, backlog prioritization, and workforce alignment to ensure coverage for execution, continuous monitoring, and high-risk remediation.
  • Establish and oversee enterprise cybersecurity compliance, delegating execution to the ISSO and engineering staff while managing competing operational priorities.
  • Own the cybersecurity governance framework, approving policies, standards, and system boundary definitions aligned to DoD 8500-series and NIST SP 800-53 Rev. 5.
  • Provide strategic security architecture guidance to engineering and DevSecOps teams while enabling the team to focus on highest-risk activities.
  • Lead cybersecurity readiness for SCAs and A&A events, directing artifact preparation, managing team tasking, and representing the program during AO and assessor engagements.
  • Establish weekly prioritization cadence and backlog management to balance daily incident response with RMF sustainment activities.
  • Provide technical oversight and quality review of RMF artifacts, eMASS packages, and POA&M remediation plans.
  • Track and report enterprise cybersecurity KPIs including POA&M aging, vulnerability trends, and ATO sustainment health.
  • Thrive in leading cybersecurity operations and compliance for mission-critical, high-availability environments supporting DoD or public-safety missions.
  • Possess deep working knowledge of the Risk Management Framework (RMF) and DoD cybersecurity policy (NIST SP 800-53, CNSSI 1253, DoDI 8510.01), with the ability to translate requirements into executable team priorities.
  • Are an effective communicator who can bridge senior technical staff, program leadership, and government stakeholders while clearly articulating risk and operational impact.
  • Demonstrate sound judgment, disciplined decision-making, and the ability to balance competing priorities in a dynamic threat and compliance landscape.
  • Excel at establishing operating cadence and driving accountability without excessive hands-on intervention.
  • Can operate effectively in fast-paced, agile environments by prioritizing high-risk work and maintaining steady progress toward ATO sustainment and continuous monitoring objectives. 
  • Bachelor’s degree in cybersecurity, information assurance, computer science, or a related field, with 8-10+ years of experience in cybersecurity, information system security, or a related technical field.
  • Security+ certification is required; advanced certifications such as CISSP, CASP+, or CISM are preferred.
  • Minimum 3-5 years of technical leadership experience.
  • Demonstrated experience working within the Risk Management Framework (RMF), including control implementation oversight, assessment readiness, authorization support and continuous monitoring.
  • Hands-on familiarity with core cybersecurity toolsets including eMASS, STIGs/STIG Viewer, ACAS (Nessus/Tenable), and vulnerability scanning/assessment tools.
  • Experience leading or supporting NIST SP 800-53 Rev 5 control implementation and tailoring activities to align with system requirements preferred.
  • Strong understanding of the Authorization to Operate (ATO) process, including the development and maintenance of Plan of Action and Milestones (POA&Ms) and other required RMF artifacts.
  • Familiarity with FedRAMP controls and cloud security frameworks (AWS, Azure, or hybrid cloud environments) is a plus.
  • Demonstrated ability to lead and prioritize cyber team activities in fast-paced operational environments.
  • NONE
  • Must be a US Citizen and have the ability to obtain and maintain favorable adjudication for a Tier-1 or a National Agency Check Investigation (NACI).
  • The physical and mental demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions.
  • Ability to remain in a stationary position and operate a computer for extended periods.
  • Occasional ability to move or transport items up to 25 pounds.
  • Communicate effectively in English (verbal, written) and possess visual and auditory acuity for tasks and safety.
  • Manage multiple tasks, prioritize, and maintain focus in dynamic environments.
  • Demonstrate strong problem-solving, critical thinking, and analytical skills.
  • Maintain consistent attendance, punctuality, and high professional standards.
  • Work is performed primarily in a professional office and/or remote home office environment, subject to typical conditions.

Listing Details
Posted: March 9, 2026
First seen: March 26, 2026
Last seen: April 23, 2026
