ISSM - Information Security Service Manager

- Conduct audits and assessments of internal information systems to assure integrity and compliance. - Challenge existing practices and advocate for security best practices throughout the organization. - Investigate security notifications, coordinate vulnerability assessments, and validate configuration compliance across enterprise systems. - Develop, update, and maintain security documentation including policies, System Security Plans (SSP), SOPs, POA&Ms, system diagrams, and related compliance documentation to support regulatory and certification requirements aligned with frameworks like RMF, NIST 800-171, CMMC, ISO 27001, and UK Cyber Essentials. - Oversee and support third-party audits and certification processes alongside IT and oversight teams, tracking remediation activities and ensuring resolution of security findings. - Promote consistent maintenance routines and enforce standards for IT system health and security. - Collaborate closely with the IT manager, providing guidance on secure provisioning, configuration baselines, patching, backups, and system hardening for Windows and Linux environments. - Provide security insights and recommendations to leadership regarding risk decisions, system alterations, and security priorities within the organization. - Assist in the selection and distribution of security training modules for annual employee security, insider threat, and cyber training programs, ensuring organizational completion. - Offer cybersecurity guidance to leadership, IT, and operational teams, translating technical risks into actionable business decisions, while monitoring and reporting on security metrics, vulnerabilities, and compliance status to leadership. - Develop, maintain, and manage clear, professional, audit-ready security documentation, coordinating with internal teams to ensure required policies, user agreements, SOPs, system and information flow diagrams, security plans, and compliance artifacts are complete and aligned with organizational and regulatory requirements, utilizing tools like Word, Excel, and Visio. - Establish and maintain ongoing monitoring processes to ensure compliance with security controls and regulatory mandates. Identify opportunities for process simplification, control strengthening, and enhancement of overall security posture without unnecessary complexity. - Stay informed about emerging threats and evolving compliance requirements to ensure the organization remains proactive in managing risk. Support incident response actions and ensure lessons learned are integrated into security processes and controls. - Foster a culture of security awareness and accountability within the organization.