The Role
Lead and manage the Department of Defense information system security program, focusing on RMF lifecycle, IL5 compliance, and team mentorship.
Summary Generated by Built In
You will lead and scale our Department of Defense (DoD) IL5 SaaS and enclave security program. As the ISSM, you’ll drive the Risk Management Framework (RMF) lifecycle from initial categorization through Authorization to Operate (ATO) and continuous monitoring. You’ll partner with engineering to implement IL5-specific controls, enforce STIG/SRG compliance, and ensure our enclave is audit-ready. You will serve as the primary interface with Authorizing Officials (AOs), Security Control Assessors (SCAs), and government stakeholders, while coaching a small team to deliver sustained security excellence.
What You'll Do:
- RMF & ATO Leadership
- Own the RMF lifecycle: system categorization, control tailoring (NIST 800-53r5), evidence development, POA&M management, and AO briefings.
- Maintain eMASS records, packages, and artifacts; drive continuous monitoring cadence.
- Lead meeting DoD and organizational compliance obligations.
- IL5 Enclave Security Operations
- Design, implement, and mature SP and enclave security controls (boundary protections, identity/access, logging, incident response, vulnerability & patch management).
- Ensure STIG/SRG compliance (DISA guidance) and maintain situational awareness using ACAS, Nessus, and other compliance scanning tools.
- Map and validate inherited controls from AWS GovCloud, ensuring IL5 isolation is properly documented.
- Governance & Policy Compliance
- Ensure IS security measures align with applicable DoD and federal cybersecurity policies.
- Draft, review, and maintain cybersecurity policies, SOPs, and technical documentation.
- Oversee audit log monitoring, analysis, and reporting to meet DoD and organizational requirements.
- Stakeholder Engagement
- Act as primary interface with AOs, SCAs, auditors, partners, and mission owners.
- Translate risk posture, timelines, and remediation progress into executive-ready briefings.
- Support Configuration/Change Assurance Board (CAB) activities and provide risk-based recommendations.
- Team Coaching & Mentorship
- Supervise and mentor ISSO staff; establish operating cadence, SLAs, and dashboards.
- Prepare for SCA-V assessments and drive remediation through closure.
What You'll Bring:
- Experience
- 8–12+ years in cybersecurity, including 4+ years leading DoD RMF/ATO efforts.
- Prior experience supporting IL4/IL5 ATOs as an ISSO/ISSM.
- Hands-on eMASS and POA&M management expertise.
- Deep familiarity with NIST 800-53r5, DISA CC SRG, STIGs/SRGs, and continuous monitoring practices.
- Cloud security experience with AWS GovCloud, including IL5 isolation patterns.
- Certifications
- DoD 8570/8140 IAM III baseline certification (e.g., CISSP, CISM).
- CAP, PMP, or similar certifications preferred.
- Other Requirements
- Strong communication and executive briefing skills.
- U.S. citizenship and eligibility for DoD Secret clearance (preferred/required by most IL5 programs).
The reasonably estimated salary for this role at Everbridge ranges from $130,000 - $175,000 and may also include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Everbridge offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, disability income benefits, life and AD&D insurance, a 401(k) plan and match, paid time off, and fitness reimbursements.
Fair Chance Statement US & Canada
We are committed to providing equal employment opportunities in compliance with all applicable Federal, Provincial/State and Local laws, including the California Fair Chance Act and any local County Fair Chance Ordinance (or local equivalent). Pursuant to these and other relevant regulations, we consider qualified applicants with criminal histories in a manner consistent with the law.
For roles subject to background checks, the following material job duties may be affected by an applicant’s criminal history:
- Access to sensitive or confidential information, such as financial records, proprietary data, or client information.
- Management of cash, company funds, or other valuable assets.
- Work in environments requiring heightened security measures.
- Compliance with contractual or regulatory requirements specific to the position.
We evaluate each applicant's criminal history individually, considering its nature, timing, and relevance to the specific job duties, while maintaining our commitment to fair hiring practices and promoting workplace equity.
About Everbridge
Everbridge empowers enterprises and government organizations to anticipate, mitigate, respond to, and recover stronger from critical events. In today’s unpredictable world, resilient organizations minimize impact to people and operations, absorb stress, and return to productivity faster when deploying critical event management (CEM) technology. Everbridge digitizes organizational resilience by combining intelligent automation with the industry’s most comprehensive risk data to Keep People Safe and Organizations Running™. For more information, visit www.everbridge.com, read the company blog, and follow on Twitter. Everbridge… Empowering Resilience
Everbridge is an Equal Opportunity/Affirmative Action Employer. All qualified Applicants will receive consideration for employment without regard to race, creed, color, religion, or sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Top Skills
Acas
Aws Govcloud
Disa Cc Srg
Emass
Nessus
Nist 800-53R5
Stigs/Srgs
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Keeping People Safe and Businesses Running. Faster.
Everbridge, Inc. (NASDAQ: EVBG) is a global software company that provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to Keep People Safe and Businesses Running™. During public safety threats such as active shooter situations, terrorist attacks or severe weather conditions, as well as critical business events including IT outages, cyber-attacks or other incidents such as product recalls or supply-chain interruptions, over 5,300 global customers rely on the company’s Critical Event Management Platform to quickly and reliably aggregate and assess threat data, locate people at risk and responders able to assist, automate the execution of pre-defined communications processes through the secure delivery to over 100 different communication devices, and track progress on executing response plans.
.png)
.png)
