Information Systems Security Manager

CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats. 

CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit www.chaosinc.com.

Role Overview:

CHAOS Industries seeks an experienced Information Systems Security Manager (ISSM) to serve as the primary security authority for classified information systems across one or more Program Security Authorization Boundaries (PSABs). The ISSM will be responsible for the end-to-end security posture of program systems, driving risk management decisions, and ensuring compliance with applicable government regulations and contractual requirements. This role interfaces directly with government Authorizing Officials (AOs), Program Managers, and cross-functional engineering teams to sustain Authorization to Operate (ATO) for complex, multi-domain environments.

Responsibilities:  

• Authorization & Compliance 
  
  
  
  • Develop, maintain, and submit system Security Authorization Packages in accordance with NIST SP 800-37 RMF, ICD 503, JSIG, and DAAPM frameworks. 
  
  
  • Manage the full lifecycle of ATOs including continuous monitoring, annual reviews, and Plan of Action & Milestones (POA&Ms). 
  
  
  • Serve as the primary liaison to government AO/ISSM/ISSO community for all classified system authorization activities. 
  
  
  • Ensure compliance with DCSA, DSS, and applicable IC community security policies across all assigned programs. 
  
  
  
  


• System Security Engineering & Risk Management 
  
  
  
  • Conduct and review security assessments, risk analyses, and vulnerability scans (Nessus, ACAS, SCAP) to identify and remediate risks. 
  
  
  • Develop and maintain System Security Plans (SSPs), Security Concept of Operations (CONOPS), hardware/software baseline documentation, and interconnection agreements. 
  
  
  • Evaluate proposed changes to hardware, software, and firmware for security impact; approve or reject changes in accordance with the Configuration Management (CM) process. 
  
  
  • Oversee implementation and validation of STIG/SRG hardening requirements across Windows, Linux, and network infrastructure. 
  
  
  
  


• Personnel & Program Support 
  
  
  
  • Supervise and mentor ISSOs supporting assigned programs; provide guidance and review of ISSO-generated artifacts. 
  
  
  • Conduct security briefings, annual refresher training, and onboarding education for cleared program personnel. 
  
  
  • Investigate and report security incidents, anomalies, and potential compromise events in accordance with reporting requirements. 
  
  
  • Support program proposal activities including security cost estimates, security architecture inputs, and DD254 reviews. 
  
  
  
  


• Audit & Continuous Monitoring 
  
  
  
  • Implement and oversee continuous monitoring strategies including log management, audit trail reviews, and SIEM integration. 
  
  
  • Conduct periodic self-inspections, security reviews, and audit activities; track findings to closure. 
  
  
  • Coordinate with Facilities Security Officers (FSOs) and Physical Security personnel to ensure integrated program protection. 
  
  
  
  

 Minimum Requirements: 

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical discipline. Equivalent experience considered in lieu of degree. 


• 8+ years of experience in information security with a minimum of 4 years serving in an ISSM or senior ISSO role on classified U.S. Government programs. 


• Demonstrated experience managing RMF-based ATOs for classified systems (Secret, Top Secret, TS/SCI) under ICD 503, JSIG, or DAAPM. 


• Experience with ACAS/Nessus, SCAP tools, and security technical implementation guidance (STIGs). 


• Hands-on experience with Windows Server, RHEL/CentOS, VMware, and network security architectures. 


• IAM Level III certification required: CISSP, CISM, or GSLC (IAW DoD 8570.01-M / DoD 8140). 


• Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment. 

Preferred Requirements: 

• Active TS. 


• Experience with Special Access Programs (SAPs), Sensitive Compartmented Information Facilities (SCIFs), or Special Access Facilities (SAFs). 


• Familiarity with Cross Domain Solutions (CDS), multi-level security architectures, or Type 1 encryption devices. 


• Knowledge of CMMC Level 2/3 requirements and their intersection with classified program requirements. 


• Experience with cloud security (AWS GovCloud, Azure Government) within classified or CUI environments. 


• Prior experience working with DCSA, NSA, DIA, or Air Force ISSM community personnel. 


• Additional certifications: CAP, Security+, CASP+, CEH, or equivalent. 

Why CHAOS?

• Health Benefits: Medical, dental, and vision benefits 100% paid for by the company


• Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more


• Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code


• Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses


• Team Growth: 250 employees and counting across 5 global offices

The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. 

Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

#LI-onsite