1

Issm Jobs in Boston, MA (NOW HIRING)

Information System Security Manager (ISSM) 2s primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview.

Information System Security Manager (ISSM) 1 primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview.

It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization ...

It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization ...

next page

Showing results 1-20

Issm information

See Boston, MA salary details

$50K

$128.6K

$200.4K

How much do issm jobs pay per year?

As of Jul 16, 2026, the average yearly pay for issm in Boston, MA is $128,550.00, according to ZipRecruiter salary data. Most workers in this role earn between $103,200.00 and $149,900.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Issm position, and why are they important?

To excel as an Information System Security Manager (ISSM), you need a strong background in information security, risk management, and compliance, typically supported by a degree in cybersecurity, computer science, or a related field. Familiarity with security frameworks (such as NIST or ISO 27001), vulnerability assessment tools, and certifications like CISSP or CISM are commonly required. Leadership, attention to detail, and effective communication are important soft skills for managing security teams and collaborating across departments. These skills help ensure organizational data is protected, compliance standards are met, and business operations remain secure.

What is an ISSM job?

An Information Systems Security Manager (ISSM) is responsible for overseeing and implementing cybersecurity policies for an organization's information systems. They ensure compliance with security standards, manage risk assessments, and coordinate with security teams to protect sensitive data. ISSMs work closely with IT and leadership to develop and enforce security strategies that align with regulatory requirements.

What are the typical daily responsibilities of an Information System Security Manager (ISSM)?

An ISSM’s daily responsibilities often include overseeing the implementation and monitoring of security controls, performing regular risk assessments, and ensuring compliance with relevant security policies and regulations. You may also coordinate incident response efforts, review system access logs, and provide guidance to IT staff on best practices. Additionally, ISSMs frequently interact with auditors, senior management, and cross-functional teams to report on security findings and advise on system improvements. This role requires staying current with emerging threats and adapting security strategies to protect organizational assets effectively.

How much does an ISSM make?

An Information Systems Security Manager (ISSM) typically earns between $100,000 and $160,000 annually, depending on experience, certifications like CISSP, and the organization. Salaries in the Washington, D.C. area tend to be higher due to the demand for cybersecurity expertise in government and defense sectors.

What is the career path of the ISSM?

An Information Systems Security Manager (ISSM) typically advances through roles such as cybersecurity analyst, security engineer, and security architect before reaching the ISSM position. Career progression often involves gaining certifications like CISSP and experience in information security management, with opportunities to move into senior leadership or specialized security roles.

What can I do with an information systems management degree?

An information systems management degree prepares individuals for roles such as IT manager, systems analyst, network administrator, or cybersecurity manager. These positions involve overseeing technology infrastructure, managing IT projects, and ensuring data security, often requiring knowledge of project management, networking, and relevant certifications like CISSP or PMP.

Can you make $200,000 in cyber security?

Cybersecurity professionals, including roles like ISSM (Information Systems Security Manager), can earn $200,000 or more with extensive experience, advanced certifications (such as CISSP or CISM), and leadership responsibilities. Salaries vary based on industry, location, and organization size, with senior and specialized positions typically offering higher compensation.
What cities near Boston, MA are hiring for Issm jobs? Cities near Boston, MA with the most Issm job openings:
ISSM 2 102-022

ISSM 2 102-022

IC-CAP LLC

Bedford, MA • On-site

Full-time

Re-posted 10 hours ago


Job description

Information System Security Manager (ISSM) 2s primary function serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under their purview. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense, and Military Compartment efforts. The position will provide day-to-day support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
Performance shall include:
  • Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
  • Develop and oversee operational information systems security implementation policy and guidelines of network security, based upon the Risk Management Framework (RMF) with emphasize on Joint
  • Special Access Program Implementation Guide (JSIG) authorization process
  • Advise customer on Risk Management Framework (RMF) assessment and authorization issues
  • Perform risk assessments and make recommendations to DoD agency customers
  • Advise government program managers on security testing methodologies and processes
  • Evaluate authorization documentation and provide written recommendations for authorization to government PMs
  • Develop and maintain a formal Information Systems Security Program
  • Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties
  • Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation
  • Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
  • Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning
  • Maintain a and/or applicable repository for all system authorization documentation and modifications
  • Institute and implement a Configuration Control Board (CCB) charter
  • Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents
  • Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
  • Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements
  • Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training.
  • Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
  • Assess changes in the system, its environment, and operational needs that could affect the authorization
  • Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview
  • Review AIS assessment plans
  • Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization)
  • Conduct periodic assessments of the security posture of the authorization boundaries
  • Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented
  • Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs)
  • Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination
  • Ensure all authorization documentation is current and accessible to properly authorized individuals
  • Ensure that system security requirements are addressed during all phases of the system life cycle
  • Develop Assured File Transfers (AFT) on accordance with the JSIG
  • Participate in self-inspections
  • Conduct the duties of the Information System Security Officer (ISSO) if one is not present and/or available

Education and Experience:
  • Bachelor's degree and 7-9 years related experience -OR- 11-13 years of related experience in lieu of degree
  • Prior performance in roles such as ISSO or ISSM
  • SAP experience

Training and Certifications:
  • 8570.01-M IAM Level II (in lieu of IAT Level II)

Security Clearance:
  • Active TS/SCI and the willingness to sit for a polygraph, if needed

IC-CAP provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status.