
Information Systems Security Manager (ISSM)
Oklo Inc · Santa Clara, CA
- On site
- Full-time
- $125,000 / year
- Santa Clara, CA
Job highlights
- Manage Oklo's information system security posture.
- Implement and improve security controls and compliance.
- Oversee cybersecurity operations and incident response.
- Collaborate with IT, engineering, legal, and compliance.
- Work in a fast-paced, mission-driven startup.
About the role
Information Systems Security Manager
Oklo Inc. is seeking an Information Systems Security Manager (ISSM) to join our team. This role reports to the Senior Manager of IT and Cyber and is responsible for implementing, operating, and continuously improving Oklo’s information system security program. The ISSM will own the day-to-day security posture of Oklo’s information systems, ensuring confidentiality, integrity, and availability while maintaining compliance with applicable regulatory frameworks. This role bridges technical execution with compliance rigor, partnering closely with IT, engineering, legal, and compliance stakeholders. This position is ideal for someone who thrives in a fast-paced startup, enjoys building and operating security programs, and is motivated by protecting mission-critical systems that support advanced nuclear energy innovation.
Key Responsibilities
- Serve as the primary authority for the security posture of Oklo’s information systems.
- Implement, maintain, and continuously improve information system security controls in alignment with NIST 800-53 and NIST 800-171.
- Ensure security requirements are embedded into system design, configuration, and operations across on-premises and cloud environments.
- Implement, assess, and remediate system configurations against security baselines and hardening standards, including DISA STIGs and CIS Benchmarks.
- Partner with IT and engineering teams to ensure secure architectures, access controls, encryption, and monitoring.
- Oversee system-level security monitoring, logging, and alerting to detect and respond to security events.
- Lead incident response activities, including investigation, containment, remediation, and post-incident reviews.
- Coordinate vulnerability management activities, including scanning, remediation tracking, and validation.
- Ensure timely application of security patches and configuration hardening across systems and platforms.
- Own execution of security compliance activities related to various standards and contract requirements such as SOX, NIST and CMMC.
- Build, create, and maintain System Security Plans (SSPs), policies, procedures, and supporting security artifacts.
- Conduct system risk assessments and track risks through mitigation, acceptance, or remediation.
- Support internal and external audits and assessments, ensuring evidence readiness and corrective action tracking.
- Enforce controls related to export-controlled data (DOE ECI), including access restrictions, segmentation, and secure data handling.
- Develop, maintain, and enforce information security policies, standards, and procedures.
- Ensure security documentation is accurate, current, and aligned with operational reality.
- Provide clear, actionable guidance to system owners and users regarding security responsibilities and expectations.
- Act as a trusted advisor to the Senior Manager of IT and Cyber on system security risks, gaps, and improvement opportunities.
- Partner with engineering, operations, and compliance teams to balance security, usability, and innovation.
- Communicate security risks, decisions, and requirements effectively to both technical and non-technical stakeholders.
Minimum Qualifications
- 6+ years of experience in information security or cybersecurity, with 3+ years in a system security, security engineering, or compliance-focused role.
- Proven experience applying, remediating, and maintaining compliance with security configuration frameworks such as DISA STIGs and CIS Benchmarks.
- Proven operational experience securing and maintaining systems across Linux, macOS, and Windows environments, with Linux as the primary operating system.
- Demonstrated experience implementing or operating security controls under NIST frameworks.
- Experience using automated or semi-automated compliance tooling to assess and remediate STIG or CIS controls.
- Prior experience supporting federally regulated environments, including DOE, NRC, DoD, or similar regulatory bodies.
- Active certification meeting DoD 8570 / DoD 8140 baseline requirements (e.g., CISSP, CISM, CASP+, GSEC, Security+).
- Must be considered a “U.S. Person” under 8 U.S.C. 1324b(a)(3).
Competencies
- Strong working knowledge of NIST 800-53, NIST 800-171, and risk-based security control implementation.
- Demonstrated hands-on experience remediating systems using DISA STIGs and CIS Benchmarks.
- Strong proficiency across operating systems, with hands-on experience in Linux (primary), macOS (secondary), and Windows (tertiary) environments.
- Experience supporting regulated environments (DOE, DoD, NRC, etc.).
- Ability to translate regulatory requirements into practical, operational security controls.
- Proven experience leading incident response and vulnerability remediation efforts.
- Excellent written and verbal communication skills.
- Strong organizational and time-management skills.
- Comfortable operating in a fast-paced, highly iterative startup environment.
- Curious, adaptable, and willing to propose creative and novel solutions to security challenges.
- An excellent writer who communicates clearly in a modern, active voice.
- Passionate about clean energy and making advanced fission a reality.
Who you are
- A startup person: You aren't driven by titles or hierarchy, and prefer efficiency to excess process.
- Motivated: You are self-motivated and bring enthusiasm to the team.
- A team-player: You work collaboratively and are not about taking credit or pushing blame.
- An excellent communicator: You are technically competent and a clear, upbeat communicator.
- Creative: You can identify and invent solutions to problems.
- Detail-oriented: You focus on excellence, consistency, and quality.
Travel Requirements
Remote employees are required to travel to headquarters (Santa Clara, CA) twice a quarter, with mandatory in-person attendance for the first two weeks of onboarding.
Key Skills/Competency
- Information Security
- Cybersecurity
- NIST 800-53
- NIST 800-171
- DISA STIGs
- CIS Benchmarks
- Incident Response
- Vulnerability Management
- Risk Management
- Compliance
Skills & topics
- Information Security Manager
- Cybersecurity
- NIST
- ISSM
- Security Compliance
- Incident Response
- Vulnerability Management
- Linux Security
- Cloud Security
- Startup
How to get hired
- Tailor your resume: Highlight experience with NIST frameworks, DISA STIGs, CIS Benchmarks, and regulated environments.
- Showcase technical skills: Emphasize proficiency in Linux, macOS, and Windows security configurations and compliance tooling.
- Demonstrate leadership: Detail your experience in incident response, vulnerability management, and policy development.
- Express passion for mission: Convey your interest in clean energy and advanced nuclear technology.
- Prepare for questions: Be ready to discuss your approach to security in a startup environment.
Technical preparation
- Master NIST 800-53 and 800-171 controls.
- Practice STIGs and CIS Benchmarks remediation.
- Gain hands-on Linux, macOS, Windows hardening.
- Familiarize with compliance automation tools.
Behavioral questions
- Describe a complex security challenge you solved.
- How do you balance security with innovation?
- How do you handle competing priorities in a startup?
- Explain a security risk to a non-technical audience.
Frequently asked questions
- What are the key security frameworks relevant to the Information Systems Security Manager role at Oklo Inc.?
- The Information Systems Security Manager (ISSM) role at Oklo Inc. requires strong working knowledge of NIST 800-53, NIST 800-171, DISA STIGs, and CIS Benchmarks. Experience with these frameworks is crucial for implementing and maintaining the security posture of Oklo's information systems and ensuring compliance with regulatory requirements.
- What operating systems experience is most important for the ISSM position at Oklo Inc.?
- For the Information Systems Security Manager position at Oklo Inc., strong proficiency across operating systems is expected, with a primary focus on Linux. Hands-on experience with macOS and Windows environments is also valued, particularly concerning system hardening, security configuration, and troubleshooting.
- Does Oklo Inc. require specific cybersecurity certifications for the Information Systems Security Manager role?
- Yes, Oklo Inc. requires an active certification meeting DoD 8570 / DoD 8140 baseline requirements for Information Assurance / Cybersecurity roles. Accepted certifications include CISSP, CISM, CASP+, GSEC, and Security+.
- What is the work arrangement for the Information Systems Security Manager position at Oklo Inc.?
- The Information Systems Security Manager position at Oklo Inc. is a remote role. However, remote employees are required to travel to headquarters in Santa Clara, CA twice per quarter for business or team needs. Additionally, new employees must be in person at headquarters for the first two weeks of onboarding.
- How does Oklo Inc. handle cybersecurity compliance in regulated environments for the ISSM role?
- The ISSM at Oklo Inc. is responsible for owning the execution of security compliance activities related to various standards and contract requirements, including those from DOE, NRC, and DoD. This involves building and maintaining System Security Plans (SSPs), conducting risk assessments, and supporting audits to ensure adherence to federal regulations.
- What are the opportunities for growth in the Information Systems Security Manager role at Oklo Inc.?
- Oklo Inc. is a rapidly evolving startup focused on advanced nuclear energy innovation. The Information Systems Security Manager role offers the opportunity to build and operate security programs from the ground up, directly impacting mission-critical systems. This hands-on experience in a dynamic environment provides significant professional growth potential.