The Information System Security Officer (ISSO) is responsible for leading, maintaining, and continuously improving the organization's cybersecurity compliance program. The position serves as the primary coordinator for CMMC Level 2 activities and works across all departments to ensure cybersecurity remains integrated into normal business operations.
-
Serve as the primary owner and coordinator of the CMMC Level 2 compliance program and C3PAO assessment
- Maintain cybersecurity policies, procedures, documentation, and assessment
-
Coordinate internal reviews, corrective actions, and continuous improvement
-
Partner with the MSP and internal IT resources to ensure technical security controls remain effective and aligned with business needs.
-
Support the protection of Controlled Unclassified Information (CUI) and related information
- Work with Quality to integrate cybersecurity into the quality management system.
-
Support external assessments and cybersecurity-related compliance
- Provide cybersecurity awareness, guidance, and training across the
- Monitor regulatory and contractual cybersecurity requirements and recommend
-
Current SSP with accurate system scope, boundary, asset inventory, data flows, control narratives, and
- Current POA&M with ownership, due dates, risk notes, remediation status, and closure
- CMMC Level 2 evidence library mapped to applicable practices and assessment
-
Recurring control review calendar and completed review
- CUI handling procedure, CUI flow map, and department-specific work
- Training matrix and completion records for cybersecurity awareness, CUI handling, and user
- Internal audit results, corrective actions, and management review inputs related to
- Supplier and external service provider records relevant to CUI handling and cybersecurity
-
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or Information Systems preferred. Equivalent combinations of education, certifications, and relevant work experience may be considered.
-
Minimum 2 years of demonstrated cybersecurity or information technology experience supporting CMMC Level 2, NIST SP 800-171, DFARS 252.204-7012, or equivalent CUI cybersecurity compliance requirements; experience in an AS9100D or regulated manufacturing environment preferred.
-
Working knowledge of CUI handling, access control, MFA, endpoint protection, vulnerability management, incident response, configuration management, backup validation, logging, and account lifecycle management.
-
Ability to create and maintain SSPs, POA&Ms, policies, procedures, evidence libraries, audit records, and corrective action
- Experience coordinating across IT, Quality, Engineering, Operations, HR, Purchasing, Contracts, and external service
- Strong documentation discipline and ability to translate cybersecurity requirements into practical manufacturing
- Ability to conduct internal reviews, identify gaps, assign corrective actions, and verify closure