Issm Jobs in Oregon (NOW HIRING)

We're looking for an Information Systems Security Manager (ISSM) to lead the authorization and continuous compliance of LIGER, an enterprise AI platform for our DHS customer. You'll own the security management posture for the platform: developing and maintaining the authorization package, driving the Risk Management Framework (RMF) lifecycle, and serving as LIGER's primary security management interface to cyber leadership. This position requires a CBP Background Investigation;  U.S. citizenship is required.

This is a senior, accountable role. While the LIGER cyber engineering team handles hands-on implementation, you own the strategy, the artifacts, and the relationship with Authorizing Officials and ISSOs. You'll translate  DHS security policy into actionable program direction, lead assessment and authorization (A&A) activities, and make sure LIGER reaches and maintains its Authority to Operate (ATO).

LIGER sits within LMI's Chief Technology Office. We're a small, high-visibility team building AI tools for federal agencies. The culture is more startup than traditional government contractor; we move fast, solve problems in design spikes rather than scheduled reviews, and care more about outcomes than process. That said, we're building for users who need reliability and trust, so craft and attention to detail matter, especially in security.

As ISSM, you'll work daily with the platform lead, the cyber engineering team, and product leadership, and directly with cyber stakeholders. You'll set the security management direction for LIGER's deployment and have real influence over how the platform balances rigor with the pace of iteration.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed. 

Leveraging our mission-ready technology and solutions, provenexpertisein federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value. 

What You'll Do

Lead the full RMF lifecycle for LIGER's deployment, from system categorization and control selection through assessment, authorization, and continuous monitoring

Develop, maintain, and defend the authorization package: System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and supporting artifacts

Serve as LIGER's primary security management point of contact for Authorizing Officials, ISSOs, assessors, and cyber working groups

Advise LMI and government leadership on system risk levels, control effectiveness, and the cybersecurity posture of the platform, including emerging risks unique to AI/LLM systems

Develop and maintain LIGER security policies, procedures, and SOPs aligned to DHS requirements

Direct the work of cyber engineers and ISSOs supporting LIGER, ensuring activities align to compliance objectives and program timelines

Coordinate A&A activities across distributed teams, including engineering, infrastructure, and stakeholders

Track audit findings, remediation actions, and POA&M items to closure, escalating risks as needed

Interpret noncompliance and translate it into impact assessments and risk-informed mitigation plans

Support FedRAMP-aligned control implementation and inheritance where applicable

Stay current on evolving federal cybersecurity policy and translate changes into LIGER program direction

What We're Looking For

• Active CBP Background Investigation required;  U.S. citizenship is required.
• Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field
• 8+ years of experience in cybersecurity, information assurance, or related fields, with significant time in federal environments
• 5+ years of hands-on RMF experience, including ATO development and continuous monitoring against NIST 800-53
• Demonstrated experience leading authorization activities and serving as the primary security interface to government Authorizing Officials and assessors
• CISSP, CISM, or equivalent senior-level cybersecurity certification
• Experience securing LLM, GenAI, or agentic AI systems, including data handling, prompt and tool-call risk, and model output controls
• Strong working knowledge of cloud security in AWS, particularly GovCloud or similar high-compliance environments
• Experience writing, defending, and maintaining ATO-grade documentation that holds up to assessor and AO review
• Ability to translate compliance requirements into specific engineering work and direct technical staff toward closure
• Excellent written and verbal communication skills, with the ability to brief senior government and industry leaders on risk and compliance posture
•  

What Will Set You Apart

Active CBP Background Investigation or prior CBP/DHS program support

Direct experience leading ATO or continuous authorization for systems hosted at DHS, or another DHS component

Familiarity with DHS 4300A and specific cybersecurity policies and processes

FedRAMP authorization or assessment experience (Moderate or High)

Experience securing LLM, GenAI, or agentic AI systems in federal environments

Familiarity with CISA Binding Operational Directives, Continuous Diagnostics and Mitigation (CDM), or High Value Asset (HVA) program requirements

Experience with ATO documentation tooling (e.g., Xacta, OpenRMF, or similar)

Experience integrating security and compliance activities into DevSecOps pipelines