Information Systems Security Manager

CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantagedomain dominance. The companys products are powered by Coherent Distributed Networks (CDN) empowering warfighters commercial air operators and border protection teams to act faster adapt rapidly and stay ahead of evolving threats.

CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors including 8VC Accel and Valor Equity Partners. The company is headquartered in Los Angeles with offices in Washington D.C. San Francisco San Diego Seattle and London. For more information please visit .

Role Overview:

CHAOS Industries seeks an experienced Information Systems Security Manager (ISSM) to serve as the primary security authority for classified information systems across one or more Program Security Authorization Boundaries (PSABs). The ISSM will be responsible for the end-to-end security posture of program systems driving risk management decisions and ensuring compliance with applicable government regulations and contractual requirements. This role interfaces directly with government Authorizing Officials (AOs) Program Managers and cross-functional engineering teams to sustain Authorization to Operate (ATO) for complex multi-domain environments.

Responsibilities:

• Authorization & Compliance
  • Develop maintain and submit system Security Authorization Packages in accordance with NIST SP 800-37 RMF ICD 503 JSIG and DAAPM frameworks.
  • Manage the full lifecycle of ATOs including continuous monitoring annual reviews and Plan of Action & Milestones (POA&Ms).
  • Serve as the primary liaison to government AO/ISSM/ISSO community for all classified system authorization activities.
  • Ensure compliance with DCSA DSS and applicable IC community security policies across all assigned programs.
• System Security Engineering & Risk Management
  • Conduct and review security assessments risk analyses and vulnerability scans (Nessus ACAS SCAP) to identify and remediate risks.
  • Develop and maintain System Security Plans (SSPs) Security Concept of Operations (CONOPS) hardware/software baseline documentation and interconnection agreements.
  • Evaluate proposed changes to hardware software and firmware for security impact; approve or reject changes in accordance with the Configuration Management (CM) process.
  • Oversee implementation and validation of STIG/SRG hardening requirements across Windows Linux and network infrastructure.
• Personnel & Program Support
  • Supervise and mentor ISSOs supporting assigned programs; provide guidance and review of ISSO-generated artifacts.
  • Conduct security briefings annual refresher training and onboarding education for cleared program personnel.
  • Investigate and report security incidents anomalies and potential compromise events in accordance with reporting requirements.
  • Support program proposal activities including security cost estimates security architecture inputs and DD254 reviews.
• Audit & Continuous Monitoring
  • Implement and oversee continuous monitoring strategies including log management audit trail reviews and SIEM integration.
  • Conduct periodic self-inspections security reviews and audit activities; track findings to closure.
  • Coordinate with Facilities Security Officers (FSOs) and Physical Security personnel to ensure integrated program protection.

Minimum Requirements:

• Bachelors degree in Cybersecurity Computer Science Information Systems or a related technical discipline. Equivalent experience considered in lieu of degree.
• 8 years of experience in information security with a minimum of 4 years serving in an ISSM or senior ISSO role on classified U.S. Government programs.
• Demonstrated experience managing RMF-based ATOs for classified systems (Secret Top Secret TS/SCI) under ICD 503 JSIG or DAAPM.
• Experience with ACAS/Nessus SCAP tools and security technical implementation guidance (STIGs).
• Hands-on experience with Windows Server RHEL/CentOS VMware and network security architectures.
• IAM Level III certification required: CISSP CISM or GSLC (IAW DoD 8570.01-M / DoD 8140).
• Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment.

Preferred Requirements:

• Active TS.
• Experience with Special Access Programs (SAPs) Sensitive Compartmented Information Facilities (SCIFs) or Special Access Facilities (SAFs).
• Familiarity with Cross Domain Solutions (CDS) multi-level security architectures or Type 1 encryption devices.
• Knowledge of CMMC Level 2/3 requirements and their intersection with classified program requirements.
• Experience with cloud security (AWS GovCloud Azure Government) within classified or CUI environments.
• Prior experience working with DCSA NSA DIA or Air Force ISSM community personnel.
• Additional certifications: CAP Security CASP CEH or equivalent.

Why CHAOS

• Health Benefits: Medical dental and vision benefits 100% paid for by the company
• Additional benefits: 401k ( 50% company match up to 6% of pay) FSA HSA life insurance and more
• Our Perks: Free daily lunch No meeting Fridays unlimited PTO casual dress code
• Compensation Components: Competitive base salaries generous pre-IPO stock option grants relocation assistance and (coming soon!) annual bonuses
• Team Growth: 250 employees and counting across 5 global offices

The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus equity and benefits. If your compensation requirements fall outside of the range we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience education and/or training critical skills and/or business considerations.

Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

#LI-onsite