ISSM
3/18/2026
The role involves taking ownership of the company's security and compliance posture by performing system audits, investigating security alerts, and developing/maintaining essential security documentation like SSPs and policies aligned with frameworks such as RMF and NIST 800-171. This manager will also coordinate third-party audits, track remediation, and provide security guidance to leadership and IT teams regarding system hardening and risk decisions.
Salary
120000 - 160000 USD
Working Hours
40 hours/week
Company Size
51-200 employees
Language
English
Visa Sponsorship
No
Description
Jaxon Engineering is looking for an On-Site Information Systems Security Manager - ISSM to join our team.
Jaxon is the leading full-service provider of High-altitude Electromagnetic Pulse (HEMP) services worldwide, delivering world-class engineering, testing, construction, and sustainment services. Jaxon offers an outstanding benefits package, competitive pay, and a culture that is unmatched. We collaborate and thrive on our core value of ownership. In both success and failure, we push to get better individually and as a team.
Security Clearance: Ability to obtain a Department of Defense (DoD) Secret clearance or higher is required for this role. All clearance-related costs will be covered by the employer.
Salary: $120,000-$160,000 annually, based on experience and qualifications.
Benefits:
- Excellent medical, dental, and vision plans
- Life insurance at 2.5x your annual base salary
- Comprehensive wellness program and amenities
- Short and long-term disability insurance
- Paid time off and company-observed holidays
- 401(k) with employer match
The Jaxon Experience:
- Jaxon Kitchen Fridays, our end-of-week tradition where the team gathers for good food, good company, and a chance to unwind the work week together.
- Annual Golf Tournament that brings out everyone’s competitive spirit; pros, rookies, and “I’m just here for the cart snacks” people alike.
- A Christmas Event Like No Other, legendary for a reason; traditions, surprises and the kind of magic only Jaxon can pull off. AND a Kids’ Christmas Celebration that brings out the joy, the crafts, and the wide-eyed wonder of the season.
- Super Bowl Party because friendly rivalry, good food, and loud cheering are practically part of our job description. And of course, the day after the Super Bowl is a company-paid holiday, because we believe in recovery, rest, and reliving the best plays and commercials.
All the good times we talk about are here to build connection, not obligations. Participation is always optional, because ownership includes owning your time and your comfort level. Nothing in this section is meant to create a contractual benefit, just a glimpse into the way we show up for each other and make Jaxon more than a place to work!
Requirements
As part of our team, you’ll take ownership of Jaxon’s security and compliance posture and continuously strengthen and demonstrate it, leading initiatives that keep Jaxon sharp, resilient, and ahead of the curve. This role works alongside the IT Manager and Financial Systems Manager and reports directly to the Finance Director. Your day-to-day will include:
- Performing audits and assessments of internal information systems to ensure integrity and compliance.
- Challenging the status quo and championing security best practices across the organization.
- Investigating security alerts, coordinating vulnerability assessments, and validating configuration compliance across enterprise systems.
- Developing, updating, and maintaining security documentation including policies, System Security Plans (SSP), SOPs, POA&Ms, system diagrams, and related compliance documentation supporting regulatory & certification requirements that align with frameworks such as RMF, NIST 800-171, CMMC, ISO 27001, and UK Cyber Essentials.
- Coordinating and supporting third-party audits and certification activities in partnership with IT and oversight teams, tracking remediation activities, and ensuring closure of security findings.
- Driving consistent maintenance rhythms and enforcing standards for IT system health and security.
- Working closely with the IT Manager and providing guidance to IT on secure provisioning, configuration baselines, patching, backups, and system hardening for Windows and Linux environments.
- Providing security guidance and recommendations to leadership on risk decisions, system changes, and security priorities across the organization.
- Assisting in the selection and distribution of employee-directed training modules for the annual security, insider threat, and cyber training program, and ensuring completion across the organization.
- Providing cyber security guidance to leadership, IT, and operational teams, translating technical risks into practical business decisions, and monitoring and reporting on security posture metrics, vulnerabilities, and compliance status to leadership.
- Developing, maintaining, and managing clear, professional, audit-ready security documentation, and coordinating with internal teams to ensure required policies, user agreements, SOPs, system and information flow diagrams, security plans, and compliance artifacts are complete, accurate, and aligned with organizational and regulatory requirements, using tools such as Word, Excel, and Visio.
- Establishing and maintaining continuous monitoring processes to ensure ongoing compliance with security controls and regulatory requirements, and identifying opportunities to simplify processes, strengthen controls, and improve overall security posture without adding unnecessary complexity.
- Maintaining awareness of emerging threats and evolving compliance requirements, ensuring the organization stays ahead of risk, supporting incident response activities, and ensuring lessons learned are incorporated into security processes and controls.
- Promoting a culture of security awareness and accountability across the organization.
Required Job Qualifications:
To thrive in this role, you’ll bring a mix of experience, expertise, and a commitment to excellence:
- 5+ years of experience in Information Security planning, including artifact creation, documentation, and policy development.
- Prior performance in roles such as ISSO, ISSM, ISSP, or Auditor.
- 4+ years in a Security Analyst or similar role, with hands-on exposure to security operations.
- 4+ years of systems administration or other practical IT experience.
- DoD 8570 IAM Level I or higher certification (e.g., Security+, CAP, GSLC).
- Proven ability to perform and support internal and external security audits.
- Strong proficiency in reading, writing, comprehension, typing, and working with office/web applications.
Desired Job Qualifications:
- Experience with eMASS for managing security authorization packages and compliance documentation.
- Bachelor’s degree in a related field (Computer Science, Cybersecurity, Computer Information Systems, etc.) is a plus.
Who we’re looking for
- At Jaxon, information security isn’t just a job, it’s part of how we win together. You take ownership, stay curious, and know that protecting systems is a team effort. You’re proactive, detail-oriented, and always looking for ways to make things better.
- You communicate clearly, build trust, and are excited about Jaxon’s mission to serve customers and protect critical infrastructure.
- You follow the rules when they matter, but you’re not afraid to step up and solve problems when things get tricky. Jaxon is a unique company, unique culture, and uses unique solutions to solve problems.
- You know your stuff (information assurance, risk management, DoD requirements) and you’re ready to keep learning, but you also have a pragmatic perspective on government regulation.
- You’re comfortable in fast-moving environments and confident making decisions that keep systems safe. If you believe security is about responsibility, creativity, and collaboration, you’ll feel right at home here.
Application Deadline: Rolling – open until filled; candidates are encouraged to apply early.
Duties and responsibilities may evolve based on project needs and operational requirements. This description does not cover every task or expectation associated with the role.
Jaxon does not discriminate in employment opportunities or practices on the basis of race, color, ethnicity, national origin, religion, sex, age, disability, sexual orientation, genetic information, or military status.