Information System Security Manager

Position Summary

We are seeking a highly skilled and self‑directed Information System Security Manager (ISSM) to serve as the cybersecurity authority for an organization of approximately 600 employees. This individual will function as the ISSM/ISSO, collaborating with respective teams on the full lifecycle of information system security — from daily operational execution to long‑term strategic planning and enterprise risk management. The organization handles Controlled Unclassified Information (CUI) as its primary data classification, with additional responsibilities for ITAR and EAR regulated data, and a long‑term trajectory to extend operations into classified environments. The successful candidate will build, maintain, and mature the cybersecurity program across all of these domains. This is a leadership‑level individual contributor role with significant organizational visibility and autonomy.

DoD 8140 / DCWF Alignment

This position maps to the DCWF Work Role 722 — Information Systems Security Manager within the Oversee and Govern (OV) category, Cybersecurity Management specialty area. Candidates must meet or be prepared to meet the following DoD 8140.03 qualification requirements.

Key Responsibilities

• Serve as the single ISSM/ISSO for the organization; own system authorization, continuous monitoring, and Plan of Action & Milestones (POA&M) management across all information systems.
• Implement, assess, and maintain security controls aligned with NIST SP 800‑53 (Rev. 5), NIST SP 800‑171, and CMMC Level 2+ requirements.
• Harden endpoints, servers, and network infrastructure using DISA STIGs and CIS Benchmarks; manage deviation requests and document compensating controls.
• Conduct and coordinate vulnerability scanning, remediation tracking, audit log reviews, and incident response activities.
• Manage and maintain System Security Plans (SSPs), security assessment reports, risk assessments, and all authorization artifacts.
• Monitor security tooling (SIEM, vulnerability scanners, endpoint protection, DLP) and ensure operational effectiveness.
• Execute ongoing continuous monitoring activities consistent with NIST SP 800‑137 and organizational CONMON strategies.

• Develop and drive the organization’s multi‑year cybersecurity strategy and roadmap, including CMMC certification readiness, classified environment standup, and CUI protection program maturity.
• Author, review, and maintain cybersecurity policies, standards, and procedures aligned with federal regulations.
• Provide cybersecurity risk assessments and recommendations to senior leadership; translate technical risk into business impact.
• Lead the organization through CMMC assessment preparation and serve as the primary point of contact for C3PAO assessors and DIBCAC reviews.
• Plan and oversee the transition from CUI‑only operations to classified processing capability, including infrastructure design and policy development.
• Develop and deliver cybersecurity awareness training for all 600+ employees, including role‑based training for privileged users and executives.
• Manage relationships with external auditors, assessors, government customers, and regulatory bodies.

Required Qualifications

Education & Experience

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. Equivalent combination of education, certifications, and direct experience will be considered.
• 7+ years of progressive experience in information security, with at least 3 years in an ISSM or senior‑level ISSO role.
• Demonstrated experience operating as a sole security practitioner or leading security functions with minimal oversight.

Technical Knowledge — Required

• Policy Development: Demonstrated ability to author clear, enforceable security policies and communicate them effectively to technical and non‑technical audiences.
• NIST SP 800‑53 (Rev. 5): Deep knowledge of control families; ability to select, implement, assess, and monitor controls for moderate‑to‑high baseline systems.
• NIST SP 800‑171 / CMMC: Hands‑on experience implementing the 110 CUI security requirements and preparing an organization for CMMC Level 2 assessment.
• DISA STIGs: Proficiency in applying, scanning for, and validating STIG compliance across Windows, Linux, network, and application platforms using STIG Viewer, SCAP tools, or equivalent.
• CIS Benchmarks: Experience applying CIS hardening standards and using CIS‑CAT or equivalent assessment tooling to validate compliance.
• Risk Management Framework (RMF): End‑to‑end experience with NIST RMF (SP 800‑37) system authorization lifecycle — categorize, select, implement, assess, authorize, monitor.
• CUI Program Management: Experience building or maturing a CUI protection program, including marking, handling, dissemination, storage, destruction, and incident reporting.
• ITAR / EAR: Working knowledge of export control regulations and their intersection with cybersecurity requirements (access control, data segregation, technology control plans).
• Security Tooling: Practical experience with SIEM platforms, vulnerability management tools (Tenable, Rapid7, or equivalent), endpoint detection and response (EDR), and data loss prevention (DLP).
• Incident Response: Experience developing and executing incident response plans, conducting preliminary investigations, and coordinating reporting to DISA, DC3, or sponsoring agency.

Preferred Qualifications

• Provide subject‑matter expertise in physical security controls in coordination with or in support of the Facility Security Officer (FSO).
• Advise on and oversee TEMPEST countermeasures, shielding requirements, and inspections for facilities processing sensitive or classified information.
• Support implementation of physical access controls, visitor management, alarm systems, and closed area / restricted area requirements.
• Participate in facility accreditation activities and self‑inspections.

Preferred Certifications

• CISSP — Certified Information Systems Security Professional
• CISM — Certified Information Security Manager
• *This position may require U.S. Citizenship or Permanent Residency status in the future depending on federal requirements.*

What We Offer

Salary : $141,000‑$195,000 per year (good‑faith estimate)

Benefits & Other Eligible Compensation : Includes health, dental, vision, disability and life insurance, 401(k) plan with company match, paid time off, annual bonus, and tuition reimbursement.

Polar Semiconductor is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, veteran status, or any other status protected by the laws or regulations in the locations where we operate.

About Us

At Polar Semiconductor, we’re on a mission to fulfill our future as the U.S. based manufacturing partner of choice for differentiated power and sensor technologies. With a $525M investment from the CHIPs Act, the state of Minnesota, and private equity, we are looking for the best in the industry to help Polar transform from a captive fab to a pure‑play foundry. We are doubling our manufacturing capacity and investing in advanced BCD and Wide Bandgap technology such as GaN. Polar has a long history in manufacturing automotive grade semiconductors and we are expanding in strategic markets such as national defense and AI data centers. We pride ourselves on state‑of‑the‑art semiconductor manufacturing, a collaborative culture, and a commitment to helping our customers succeed.