Share this Job

Information Systems Security Manager (ISSM)

Date: Apr 13, 2021

Location: Lynchburg, VA, US

Company: BWX Technologies

At BWX Technologies, Inc. (NYSE: BWXT), we are People Strong, Innovation Driven. Headquartered in Lynchburg, Va., BWXT provides safe and effective nuclear solutions for national security, clean energy, environmental remediation, nuclear medicine and space exploration. With approximately 6,400 employees, BWXT has 12 major operating sites in the U.S. and Canada. We are the sole manufacturer of naval nuclear reactors for U.S. submarines and aircraft carriers. Our company supplies precision manufactured components, services and fuel for the commercial nuclear power industry across four continents. Our joint ventures provide environmental remediation and nuclear operations management at more than a dozen U.S. Department of Energy and NASA facilities. BWXT’s technology is driving advances in medical radioisotope production in North America and microreactors for various defense and space applications. Follow us on Twitter at @BWXTech and learn more at


BWXT is currently seeking an Information Systems Security Manager for its Lynchburg, VA location!


The Advanced Technologies (AT) Information Systems Security Manager (ISSM) remains familiar with local conditions including prevailing laws, organizational culture, and business activities. This position is responsible for interpreting Cyber Security requirements and coordinating the implementation of controls to satisfy those requirements.  This will require regular interaction with business leadership to ensure Cyber Security activities align with business initiatives and ensure leadership remains informed of Cyber Security initiatives.  The ISSM is responsible for AT information system assessment and authorizations in accordance with U.S. Government regulatory requirements.  The ideal candidate will be highly motivated, a seasoned expert with leadership experience that is interested in achieving excellence, experienced in implementing compliance frameworks, and works effectively with minimal supervision.


Job Description/Duties:

  • Participating in the strategic planning process to transform the security architecture as threats, regulatory requirements, and the business changes.
  • Review, interpret, and guide the implementation of controls to satisfy regulatory and organization contractual requirements related to Cyber Security and the protection of privacy information.  Works with local management and staff to assist them with efforts to maintain compliance with Cyber Security requirements.
  • Ensures the development of policies and procedures to implement the Cyber Security program on all information systems.  Implements and maintains a Cyber Security self-assessment program, identifies corrective actions resulting from the self-assessments, and reports on the program status.
  • Actively participates in internal and external audits associated with Cyber Security compliance, including remediation of compliance issues found during audits.
  • Provides Cyber Security advice and perspective to users and management.  When questions or issues cannot be resolved locally, acts as a liaison with the Sr. IT Manager, Cyber Security for resolution at the corporate level.
  • Coordinates the activities of users, local Systems Administrators, and local Network Administrators to help ensure that all documented Cyber Security requirements have been met.
  • Provides a first level Cyber Security review of Information Technology (IT) solutions, IT upgrade proposals, business application development proposals, new IT implementation plans, operating system conversion plans, IT outsourcing plans, and related information systems change requests.
  • Participates in IT project management and steering committees to ensure Cyber Security concerns are considered during the planning and execution of IT projects and business initiatives.
  • Produces metrics for reporting Cyber Security risk, compliance, and security operations performance to the Chief Information Officer (CIO).
  • Manages information system assessment and authorizations throughout each step of the Risk Management Framework.
  • Ensures the development, documentation and presentation of Cyber Security education, awareness, and training activities for managers, IT personnel, information system owners, instrumentation and control system engineers, and general users.
  • Identifies and documents specific threats to information systems and information, develops and documents additional or modified protection measures for those threats, and obtains approvals for the modified protection measures.  Brings local Cyber Security issues, vulnerabilities, and compliance problems that have not been adequately addressed to the attention of the Sr. IT Manager, Cyber Security. 
  • Immediately reports to the Sr. IT Manager, Cyber Security all security incidents and violations, and ensures that these same incidents and violations are properly investigated and correctly resolved.  Participates in the Cyber Security Incident Response Team (CSIRT) and communicates incident reports to the appropriate organization and Government authorities.
  • Works with the Facility Security Officer on Cyber and Physical Security interrelated issues, training, reviews, etc., to ensure a unified security posture.


Job Qualifications/Requirements:

  • A minimum of a Bachelor’s degree in a related field is required.
  • Must possess at least ten (10) years of related experience.
  • Must have a working knowledge of IT system architectures, including technology infrastructure, data, and applications.
  • Must understand best practices for securing virtual infrastructure, operating systems, databases, applications, and externally hosted solutions.
  • Must have experience successfully implementing and assessing security controls and obtaining information system authorizations to operate (ATOs) in accordance with the NIST Risk Management Framework and NIST SP 800-53 security controls.
  • Must have excellent communications skills in order to effectively interact with business, Information Technology (IT) personnel, and Government agencies.
  • Must have a working knowledge of security frameworks and standards, ex:  ISO 27000 series, NIST SP 800-37, NIST SP 800-171, CMMC, CIS Critical Security Controls, OWASP, SSAE 16/18, etc.
  • Must currently hold a related certification, such as CISSP, GSLC, CISA, CISM, or CRISC.  The PMP certification is also desirable.
  • Must be able to maintain confidentiality when working with sensitive information.
  • Must be familiar with Communications Security (COMSEC) programs, including the use and maintenance of COMSEC equipment.
  • Prior experience in the nuclear energy industry with computer-based instrumentation and control systems is preferred.
  • Candidate should have experience conducting risk and vulnerability assessments, leading audit reviews, developing project plans, and leading cross-functional project teams.
  • Ability to obtain and maintain a DOE security clearance is required.
  • Must be a U.S. citizen with no dual citizenship.


Applicants selected will be subject to a Federal background investigation and must meet eligibility requirements for access to classified information or matter. Position requires U.S. citizenship with (no dual citizenship) ability to obtain and maintain a Department of Energy (DOE) security clearance which involves an extensive criminal and financial background investigation, drug test and previous employment reference verifications.

BWXT supports diversity and is committed to the concept of Equal Employment Opportunity. We have established procedures to ensure that all personnel actions such as recruitment, compensation, career development, benefits, company-sponsored training and social recreational programs are administered without regard to race, color, religion, gender, national origin, citizenship, age, disability or veteran status.


Nearest Major Market: Lynchburg
Nearest Secondary Market: Virginia

Job Segment: Information Systems, Information Technology, IT Manager, Corporate Security, Technology, Security