Information System Security Manager, NF4

Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.

**Qualifications:**
Bachelor's Degree in Information Technology or Business related field appropriate to the work of position AND four years of experience performing specific tasks within hands-on security assessment, quality assurance, PCI DSS experience, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. Certification at the DoW 8140.01 Advanced level (i.e. Certified Information Systems Security Professional (CISSP) or other Advanced certification) is required or equivalent level education and appropriate experience with DoW system security and cybersecurity / information assurance (IA) policy and procedures. As an authorized and privileged user of Department of War Information Systems, must fulfill the requirement to complete Cybersecurity Awareness training as a condition of access within six months of employment, and must be completed annually thereafter. Expertise in: -Enterprise vulnerability and risk management across cloud and containerized environments, including assessment oversight, remediation validation, and executive-level reporting. -Security control validation and compliance governance aligned with DISA STIGs, RMF, DoD Cloud SRG, FedRAMP, and NIST frameworks for IaaS, PaaS, and SaaS systems. Proficient in / Experience with: -RMF and cybersecurity authorization activities for cloud-hosted, virtualized, and traditional systems, including policy development, documentation, and coordination with DoD and FedRAMP-authorized services. -Cybersecurity program leadership spanning vulnerability assessment, incident response, compliance reporting, and project management within USMC/USN enterprise environments. Broad Knowledge of: -Enterprise security architecture and operations, including coding, networking, system administration (Windows/Linux), container security, patch/configuration management, and incident response across on-prem and cloud native environments. -DoD / DON / USMC and industry cybersecurity frameworks, including DoDI 8500.01/8510.01, NIST SP 800-series, DevSecOps security guidance, container hardening PCI DSS, and RMF/authorization support tools.