Information Systems Security Engineer / Manager

SG2 Recruiting

Arlington, VA

JOB DETAILS
SKILLS
Access Authorization, Access Control, Aerospace and Defense, Auditing, Authentication, Aviation Industry, Business impact analysis (BIA), CCNP - Cisco Certified Network Professional, CEH - Certified Ethical Hacker, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Compensation and Benefits, Computer Security, Contract Review, Cross-Functional, Disaster Recovery, Documentation, Enterprise Architecture, Enterprise Protection, Federal Government, Government, Government Contracts, High Tech Industry, Hybrid Cloud, ISO (International Organization for Standardization), Identity Data Management, Incident Response, Information Systems Security Engineering (ISSE), Information/Data Security (InfoSec), Internal Audit, Internet Security, JNCIA - Juniper Networks Certified Internet Associate, Leadership, Maintain Compliance, NIS (Network Information Service), Network Security, Regulations, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Sarbanes-Oxley Act (SOX), Scalable System Development, Secret Clearance, Security Architecture, Security Information and Event Management (SIEM), Security Monitoring, Software Development, Software Engineering, Supply Chain, System Architecture, Systems Engineering, Technical Operations, Technical Support, Technical Writing, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Vendor/Supplier Evaluation, Writing Skills
LOCATION
Arlington, VA
POSTED
3 days ago

SG2 Recruiting is partnering with Wind RiverX to identify an experienced Information Systems Security Engineer / Manager who thrives at the intersection of cybersecurity, compliance, secure systems engineering, and enterprise governance.

You'll be joining a rapidly growing defense technology organization supporting some of the nation's most critical missions. Reporting directly to the Senior Director of Compliance, you'll play an active role in building an enterprise cybersecurity program that enable secure innovation while ensuring compliance with Department of Defense, federal, and international security standards.

The ideal candidate has hands-on experience supporting highly regulated organizations—particularly FOCI-mitigated environments—and enjoys working alongside engineering, IT, security, and executive leadership to build scalable cybersecurity programs from the ground up.

What You Will Be Doing:

Lead Governance, Risk & Compliance (GRC)

  • Developing and maintaining enterprise cybersecurity governance programs
  • Driving compliance with ISO 27001, NIST 800-171, CMMC, RMF, SOX, GDPR, NIS2, TISAX, and related regulatory frameworksCreating and maintaining cybersecurity policies, standards, procedures, and governance documentation
  • Developing System Security Plans (SSPs), Electronic Communications Plans (ECPs), and Plans of Action & Milestones (POA&Ms)
  • Partnering with control owners to manage risks, exceptions, and continuous compliance improvements

Drive Enterprise Security Programs

  • Conducting cybersecurity risk assessments
  • Monitoring security controls and regulatory compliance
  • Supporting secure systems architecture and enterprise network security initiatives
  • Collaborating with engineering teams on secure identity management, authentication, authorization, and access control
  • Supporting secure cloud and hybrid infrastructure environments

Lead Audit Readiness

  • Preparing the organization for internal audits, customer assessments, and regulatory reviews
  • Coordinating audit evidence collection across cross-functional teams
  • Supporting CMMC assessments and RMF accreditation activities
  • Maintaining audit-ready documentation and cybersecurity artifacts

Strengthen Enterprise Resilience

  • Leading Business Impact Assessments (BIAs)
  • Maintaining business continuity and disaster recovery programs
  • Conducting tabletop exercises
  • Developing cyber incident response and continuity playbooks

Manage Third-Party Cybersecurity Risk

  • Performing vendor cybersecurity assessments
  • Evaluating supplier security documentation
  • Tracking remediation activities
  • Supporting cybersecurity contract reviews and right-to-audit requirements
  • Strengthening supply chain security posture

Partner Across the Business

  • Collaborating with Architecture, Engineering, Product Security, IT, and executive leadership
  • Supporting Government Security Committee initiatives
  • Delivering executive briefings on cybersecurity posture and organizational risk
  • Promoting cybersecurity awareness and role-based training programs

What You Need:

  • U.S. Citizenship and ability to obtain / maintain a Secret Clearance
  • Seven (7) or more years of cybersecurity, information assurance, GRC, compliance, or audit experience
  • Experience supporting DoD contractors, federal agencies, FOCI-mitigated organizations, or other highly regulated environments
  • Experience developing enterprise cybersecurity governance programs
  • Experience developing and maintaining SSPs, ECPs, and POA&Ms
  • Working knowledge of: ISO 2700, NIST 800-171, CMMC, RMF, SOX, GDPR, TISAX
  • Experience with cybersecurity compliance platforms and GRC tools
  • Strong technical writing, documentation, and communication skills
  • Ability to communicate effectively with executives, auditors, customers, and technical teams
  • Ability to meet with team members in Washington, DC Metro office monthly or as needed.

It's a Plus If You Have This:

  • Active Secret Clearance
  • Experience supporting FOCI-mitigated organizations
  • Experience establishing cybersecurity programs for newly formed organizations
  • Secure enterprise architecture experience
  • Enterprise networking expertise
  • SOC, SIEM, and SOAR strategy experience
  • Vendor Risk Management experience
  • Supply chain cybersecurity experience
  • Business continuity and disaster recovery leadership
  • Technical Operations Center experience
  • Experience with: Splunk, Nessus Security Center, WebInspect, Xacta, Tanium, Microsoft Azure, AWS/C2S, VMware, Nutanix, PowerShell, SQL Security, STIG compliance, SecDevOps
  • Professional certifications such as: CISSP, CISM, CISA, CEH, ITIL, CCNP, JNCIA, ISO Lead Auditor

What's In It For You:

  • Join a rapidly growing organization focused on national security innovation
  • Help shape enterprise cybersecurity strategy from the ground up
  • Work alongside experienced engineers, architects, and cybersecurity professionals
  • Influence security architecture supporting next-generation defense technologies
  • Competitive compensation and comprehensive benefits
  • Opportunity to make a direct impact on mission-critical U.S. defense programs

About the Company

Wind RiverX delivers advanced software and engineering solutions for mission-critical aerospace, defense, and intelligent edge systems, supporting some of the world's most demanding operational environments.

As a subsidiary of Wind River, whose software has powered aerospace, autonomous systems, commercial aviation, and defense platforms for more than four decades, Wind RiverX combines proven technical excellence with the speed and agility of a modern defense software company.

Working closely with government and industry partners, Wind RiverX develops secure, software-defined solutions that strengthen digital resilience across air, land, sea, cyber, and space domains. The company values collaboration, technical excellence, integrity, and innovation while empowering employees to solve some of the nation's most complex technology challenges.

About the Company

S

SG2 Recruiting