About this role
Boeing is seeking a Cybersecurity - Information System Security Manager (ISSM) to lead implementation and sustainment of DFARS/NIST 800-171 and CMMC controls for systems handling CUI. The role manages security documentation, coordinates audits and remediation, and drives continuous monitoring and risk management.
Key Responsibilities
- Lead ISSO cybersecurity governance for CUI/DFARS/CMMC systems
- Maintain System Security Plans and POA&Ms
- Coordinate audits and remediation with program stakeholders and assessors
- Perform RMF-aligned risk assessments and oversee incident response
- Oversee configuration management and continuous monitoring, including inventory assessments
Technical Overview
The technical scope includes RMF-aligned security governance and compliance for DFARS 252.204-7012 and NIST SP 800-171, mapped to CMMC requirements. Responsibilities include security analysis, configuration management oversight, incident response oversight, and coordinating assessment activities and tool-based scanning/remediation (NESSUS, ACAS, DISA STIGs, SCAP, HBSS).
Ideal Candidate
The ideal candidate is a senior information system security manager (ISSM) with 3+ years implementing and sustaining DFARS 252.204-7012 and NIST SP 800-171 controls mapped to Cybersecurity Maturity Model Certification (CMMC) requirements. They lead ISSO teams, maintain System Security Plans and POA&Ms, coordinate audits and remediation, and drive continuous monitoring and incident response for systems handling CUI.
Must-Have Skills
- Certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
- 5+ years of experience with cyber security policies and implementation of Risk Management Framework (RMF)
- 3+ years of experience implementing and sustaining Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012/National Institute of Standards and Technology (NIST) SP 800-171 controls and mapping to Cybersecurity Maturity Model Certification (CMMC) requirements
- Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012
- National Institute of Standards and Technology (NIST) SP 800-171
- Cybersecurity Maturity Model Certification (CMMC)
Nice-to-Have Skills
- 5+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
- 5+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
Tools & Platforms
- NESSUS
- ACAS
- DISA STIGs
- SCAP
- HBSS
- Audit Reduction (tool/process referenced in posting)
Required Skills
Information System Security Manager (ISSM), Information System Security Officer (ISSO), DFARS 252.204-7012, NIST SP 800-171, Cybersecurity Maturity Model Certification (CMMC), CUI, Risk Management Framework (RMF), System Security Plans, POA&Ms, incident response, configuration management, risk assessments, audit coordination, remediation, DISA STIGs, SCAP, NESSUS, ACAS, HBSS
Hard Skills
Information System Security Manager (ISSM), Information System Security Officer (ISSO), cybersecurity governance, Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, National Institute of Standards and Technology (NIST) SP 800-171, Cybersecurity Maturity Model Certification (CMMC), System Security Plans, Plans of Action and Milestones (POA&Ms), risk management, Risk Management Framework (RMF), DAAPM, CNSSI 1253, ICD-503, JSIG, NIST SP 800 series, security analysis of operational and development environments, threats, vulnerabilities, internal interfaces, configuration management, security posture integrity, assessment and test/analysis data, security requirements compliance documentation, risk assessments, incident response, hardware/software inventory assessments, DFARS, CUI protection, controlled unclassified information (CUI), DFARS/NIST compliance, audit coordination, remediation, protective mechanisms
Soft Skills
leadership, team leadership, program management, cross-functional coordination, communication with program stakeholders, spokesperson communication, advising management and customers, risk mitigation planning, investigation, ownership of continuous compliance
Certifications
Required
- CISSP (Certified Information Systems Security Professional)
- GSLC (GIAC Security Leadership Certification)
- CISM (Certified Information Security Manager)
Keywords for Your Resume
Cybersecurity - Information System Security Manager (ISSM), Information System Security Manager (ISSM), Information System Security Officer (ISSO), DFARS 252.204-7012, Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, NIST SP 800-171, National Institute of Standards and Technology (NIST) SP 800-171, CMMC, Cybersecurity Maturity Model Certification (CMMC), CUI, Controlled Unclassified Information (CUI), IAM Level III, CISSP, GSLC, CISM, Risk Management Framework (RMF), DAAPM, CNSSI 1253, ICD-503, JSIG, System Security Plans, POA&Ms, Plans of Action and Milestones (POA&Ms), incident response, configuration management, security analysis, DISA STIGs, SCAP, NESSUS, ACAS, HBSS, security relevant tools, audit coordination
Deal Breakers
- Must hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
- Must have 5+ years experience with cyber security policies and implementation of Risk Management Framework (RMF)
- Must have 3+ years experience implementing and sustaining DFARS 252.204-7012/NIST SP 800-171 controls mapped to CMMC requirements