Information Systems Security Manager (ISSM)

Thanks for your interest in Oklo! We are searching for an Information Systems Security Manager (ISSM) to join our team. Position Description The Information Systems Security Manager (ISSM) at Oklo, Inc. reports to the Senior Manager of IT and Cyber and is responsible for the implementation, operation, and continuous improvement of Oklo’s information system security program. This role owns the day-to-day security posture of Oklo’s information systems, ensuring confidentiality, integrity, and availability while maintaining compliance with applicable regulatory frameworks, including NIST 800-53, NIST 800-171, and DOE export control requirements under 10 CFR Part 810. The ISSM is a hands-on security leader who bridges technical execution with compliance rigor. This role partners closely with IT, engineering, legal, and compliance stakeholders to ensure secure system design, secure operations, and audit readiness across Oklo’s rapidly evolving technology environment. This position is ideal for someone who thrives in a fast-paced startup, enjoys building and operating security programs, and is motivated by protecting mission-critical systems that support advanced nuclear energy innovation. Specific responsibilities may include: Information System Security Management Serve as the primary authority for the security posture of Oklo’s information systems. Implement, maintain, and continuously improve information system security controls in alignment with NIST 800-53 and NIST 800-171. Ensure security requirements are embedded into system design, configuration, and operations across on-premises and cloud environments. Implement, assess, and remediate system configurations against security baselines and hardening standards, including DISA STIGs and CIS Benchmarks, ensuring secure and compliant system configurations across servers, endpoints, and cloud resources. Partner with IT and engineering teams to ensure secure architectures, access controls, encryption, and monitoring. Cybersecurity Operations Oversee system-level security monitoring, logging, and alerting to detect and respond to security events. Lead incident response activities, including investigation, containment, remediation, and post-incident reviews. Coordinate vulnerability management activities, including scanning, remediation tracking, and validation. Ensure timely application of security patches and configuration hardening across systems and platforms. Compliance Risk Management Own execution of security compliance activities related to various standards and contract requirements such as SOX, NIST and CMMC. Build, Create and Maintain System Security Plans (SSPs), policies, procedures, and supporting security artifacts. Conduct system risk assessments and track risks through mitigation, acceptance, or remediation. Support internal and external audits and assessments, ensuring evidence readiness and corrective action tracking. Enforce controls related to export-controlled data (DOE ECI), including access restrictions, segmentation, and secure data handling. Governance, Policy Documentation Develop, maintain, and enforce information security policies, standards, and procedures. Ensure security documentation is accurate, current, and aligned with operational reality. Provide clear, actionable guidance to system owners and users regarding security responsibilities and expectations. Collaboration Leadership Act as a trusted advisor to the Senior Manager of IT and Cyber on system security risks, gaps, and improvement opportunities Partner with engineering, operations, and compliance teams to balance security, usability, and innovation Communicate security risks, decisions, and requirements effectively to both technical and non-technical stakeholders Minimum Qualifications: 6+ years of experience in information security or cybersecurity, with 3+ years in a system security, security engineering, or compliance-focused role. Proven experience applyin ... (truncated, view full listing at source)