Information Systems Security Manager – ISSM

Role Overview

• Serve as the primary authority for the security posture of Oklo’s information systems.
• Implement, maintain, and continuously improve information system security controls in alignment with NIST 800-53 and NIST 800-171.
• Ensure security requirements are embedded into system design, configuration, and operations across on-premises and cloud environments.
• Implement, assess, and remediate system configurations against security baselines and hardening standards, including DISA STIGs and CIS Benchmarks, ensuring secure and compliant system configurations across servers, endpoints, and cloud resources.
• Partner with IT and engineering teams to ensure secure architectures, access controls, encryption, and monitoring.
• Oversee system-level security monitoring, logging, and alerting to detect and respond to security events.
• Lead incident response activities, including investigation, containment, remediation, and post-incident reviews.
• Coordinate vulnerability management activities, including scanning, remediation tracking, and validation.
• Ensure timely application of security patches and configuration hardening across systems and platforms.
• Own execution of security compliance activities related to various standards and contract requirements such as SOX, NIST and CMMC.
• Build, Create and Maintain System Security Plans (SSPs), policies, procedures, and supporting security artifacts.
• Conduct system risk assessments and track risks through mitigation, acceptance, or remediation.
• Support internal and external audits and assessments, ensuring evidence readiness and corrective action tracking.
• Enforce controls related to export-controlled data (DOE ECI), including access restrictions, segmentation, and secure data handling.
• Develop, maintain, and enforce information security policies, standards, and procedures.
• Ensure security documentation is accurate, current, and aligned with operational reality.
• Provide clear, actionable guidance to system owners and users regarding security responsibilities and expectations.
• Act as a trusted advisor to the Senior Manager of IT and Cyber on system security risks, gaps, and improvement opportunities
• Partner with engineering, operations, and compliance teams to balance security, usability, and innovation
• Communicate security risks, decisions, and requirements effectively to both technical and non-technical stakeholders

Requirements

• 6+ years of experience in information security or cybersecurity, with 3+ years in a system security, security engineering, or compliance-focused role.
• Proven experience applying, remediating, and maintaining compliance with security configuration frameworks such as DISA STIGs and CIS Benchmarks.
• Proven operational experience securing and maintaining systems across Linux, macOS, and Windows environments, with Linux as the primary operating system.
• Demonstrated experience implementing or operating security controls under NIST frameworks.
• Experience using automated or semi-automated compliance tooling to assess and remediate STIG or CIS controls (e.g., SCAP, OpenSCAP, compliance-as-code, or equivalent).
• Prior experience supporting federally regulated environments, including DOE, NRC, DoD, or similar regulatory bodies.
• Active certification meeting DoD 8570 / DoD 8140 baseline requirements for Information Assurance / Cybersecurity roles, including one or more of the following:
• CISSP
• CISM
• CASP+
• GSLC
• Security+
• Must be considered a “U.S. Person” under 8 U.S.C. 1324b(a)(3).

Tech Stack

• Cloud
• Cyber Security
• Linux
• MacOS

Benefits

• flexible time off
• equity
• competitive pay
• 401k
• health insurance
• FSA
• flexible work hours