Information Systems Security Manager (ISSM)
Oklo
Posted: April 20, 2026
Quick Summary
The Information Systems Security Manager at Oklo, Inc. is responsible for the security posture of the company's information systems, ensuring confidentiality, integrity, and availability while maintaining compliance with applicable regulatory frameworks, including NIST 800-53.
Job Description
Thanks for your interest in Oklo! We are searching for an Information Systems Security Manager (ISSM) to join our team.
Position Description
The Information Systems Security Manager (ISSM) at Oklo, Inc. reports to the Senior Manager of IT and Cyber and is responsible for the implementation, operation, and continuous improvement of Oklo’s information system security program. This role owns the day-to-day security posture of Oklo’s information systems, ensuring confidentiality, integrity, and availability while maintaining compliance with applicable regulatory frameworks, including NIST 800-53, NIST 800-171, and DOE export control requirements under 10 CFR Part 810.
The ISSM is a hands-on security leader who bridges technical execution with compliance rigor. This role partners closely with IT, engineering, legal, and compliance stakeholders to ensure secure system design, secure operations, and audit readiness across Oklo’s rapidly evolving technology environment.
This position is ideal for someone who thrives in a fast-paced startup, enjoys building and operating security programs, and is motivated by protecting mission-critical systems that support advanced nuclear energy innovation.
Specific responsibilities may include:
Information System Security Management
• Serve as the primary authority for the security posture of Oklo’s information systems.
• Implement, maintain, and continuously improve information system security controls in alignment with NIST 800-53 and NIST 800-171.
• Ensure security requirements are embedded into system design, configuration, and operations across on-premises and cloud environments.
• Implement, assess, and remediate system configurations against security baselines and hardening standards, including DISA STIGs and CIS Benchmarks, ensuring secure and compliant system configurations across servers, endpoints, and cloud resources.
• Partner with IT and engineering teams to ensure secure architectures, access controls, encryption, and monitoring.
Cybersecurity Operations
• Oversee system-level security monitoring, logging, and alerting to detect and respond to security events.
• Lead incident response activities, including investigation, containment, remediation, and post-incident reviews.
• Coordinate vulnerability management activities, including scanning, remediation tracking, and validation.
• Ensure timely application of security patches and configuration hardening across systems and platforms.
Compliance & Risk Management
• Own execution of security compliance activities related to various standards and contract requirements such as SOX, NIST and CMMC.
• Build, create, and maintain System Security Plans (SSPs), policies, procedures, and supporting security artifacts.
• Conduct system risk assessments and track risks through mitigation, acceptance, or remediation.
• Support internal and external audits and assessments, ensuring evidence readiness and corrective action tracking.
• Enforce controls related to export-controlled data (DOE ECI), including access restrictions, segmentation, and secure data handling.
Governance, Policy & Documentation
• Develop, maintain, and enforce information security policies, standards, and procedures.
• Ensure security documentation is accurate, current, and aligned with operational reality.
• Provide clear, actionable guidance to system owners and users regarding security responsibilities and expectations.
Collaboration & Leadership
• Act as a trusted advisor to the Senior Manager of IT and Cyber on system security risks, gaps, and improvement opportunities.
• Partner with engineering, operations, and compliance teams to balance security, usability, and innovation.
• Communicate security risks, decisions, and requirements effectively to both technical and non-technical stakeholders.
Minimum Qualifications:
• 6+ years of experience in information security or cybersecurity, with 3+ years in a system security, security engineering, or compliance-focused role.
• Proven experience applying, remediating, and maintaining compliance with security configuration frameworks such as DISA STIGs and CIS Benchmarks.
• Proven operational experience securing and maintaining systems across Linux, macOS, and Windows environments, with Linux as the primary operating system.
• Demonstrated experience implementing or operating security controls under NIST frameworks.
• Experience using automated or semi-automated compliance tooling to assess and remediate STIG or CIS controls (e.g., SCAP, OpenSCAP, compliance-as-code, or equivalent).
• Prior experience supporting federally regulated environments, including DOE, NRC, DoD, or similar regulatory bodies.
• Active certification meeting DoD 8570 / DoD 8140 baseline requirements for Information Assurance / Cybersecurity roles, including one or more of the following:
  • CISSP
  • CISM
  • CASP+
  • GSLC
  • Security+
• Must be considered a “U.S. Person” under 8 U.S.C. 1324b(a)(3).
Competencies
We are looking for an ISSM who has/is:
• Strong working knowledge of NIST 800-53, NIST 800-171, and risk-based security control implementation.
• Demonstrated hands-on experience remediating systems using DISA STIGs and CIS Benchmarks, including validation, documentation, and ongoing compliance monitoring.
• Strong proficiency across operating systems, with hands-on experience in Linux (primary), macOS (secondary), and Windows (tertiary) environments, including system hardening, security configuration, and troubleshooting.
• Experience supporting regulated environments, including DOE, DoD, NRC, or other federal compliance frameworks.
• Ability to translate regulatory requirements into practical, operational security controls.
• Proven experience leading incident response and vulnerability remediation efforts.
• Excellent written and verbal communication skills, with the ability to clearly document security decisions and risks.
• Strong organizational and time-management skills, capable of managing multiple priorities in a fast-paced environment.
• Comfortable operating in a fast-paced, highly iterative startup environment.
• Curious, adaptable, and willing to propose creative and novel solutions to security challenges.
• An excellent writer who communicates clearly in a modern, active voice.
• Passionate about clean energy and making advanced fission a reality.
Who you are:
A startup person: You aren't driven by titles or hierarchy, and prefer efficiency to excess process. You don't need or expect to have a lot of guidance but you enjoy working in a fast-paced team. If you prefer the culture and feel of a large organization, that is great, but you likely won’t enjoy working with us! There is plenty of important work and plenty of good opportunities with organizations like that.
Motivated: You are self-motivated. You bring an enthusiasm to the team, and imbue a sense of passion that goes beyond clocking in and clocking out. This isn’t about a fake or arbitrary “pieces of flair” mentality or lack of work-life balance! It is about being a part of the vision and feeling a part of reaching team goals.
A team-player: Oklo genuinely is a team. We aren’t about taking credit for ourselves, and we aren’t about pushing blame to others. We do incredible things because we work as a team.
An excellent communicator: We need a person who is not only technically competent but also a clear and upbeat communicator.
Creative: Being creative means that when things fall outside clear scopes or processes or problems arise without clear solutions, you are able to identify it as well as invent ways to solve a problem or fill a need without micromanagement. The successful person in this job will not only be creative, but also enjoy being creative and solving open-ended problems which may change day-by-day.
Detail-oriented: This focus is a big part of excellence, consistency, and quality. Excellent grammar and spelling matter for both good communication as well as the image of the company that we put forward.
About Oklo travel requirements:
Oklo requires remote employees to travel to headquarters (Santa Clara, CA) twice a quarter annually, based on business or team needs, including attendance at team meetings, off-sites, and other company events or gatherings. For the first two weeks of onboarding, employees are required to be in person at headquarters in Santa Clara, CA.
About Oklo compensation:
Salary: $115,000-$125,000
Oklo offers flexible time off, equity, competitive pay, 401k, health insurance, FSA, flexible work hours, and other benefits.
This position may involve access to information subject to U.S. export control laws. Only applicants who meet the definition of a U.S. person under applicable laws may be eligible.
About Oklo Inc.: Oklo Inc. is developing fast fission power plants to deliver clean, reliable, and affordable energy at scale; establishing a domestic supply chain for critical radioisotopes; and advancing nuclear fuel recycling to convert nuclear waste into clean energy. Oklo was the first to receive a site use permit from the U.S. Department of Energy for a commercial advanced fission plant, was awarded fuel material from Idaho National Laboratory, and submitted the first custom combined license application for an advanced reactor to the U.S. Nuclear Regulatory Commission. Oklo is also developing advanced fuel recycling technologies in collaboration with the U.S. Department of Energy and U.S. National Laboratories.
#CHOP: Oklo’s Values
Collaboration: We go further, together. We bring diverse perspectives, listen actively, and build trust through transparency and respect. We work across disciplines, sharing ownership to turn complex challenges into shared successes.
Humility: We are team players who act for the good of the company and for the world. We are focused on our mission, not personal recognition.
Ownership: We take pride in what we do and how we do it. We are proactive in finding solutions and see tasks through to completion. We are committed to delivering on our promises to provide clean, reliable, and affordable energy.
Pathfinding: We chart new ground where no path exists by approaching challenges with curiosity, courage, and creativity while navigating ambiguity.
Candidates should be aware that employment may be contingent upon successful completion of a drug screening, and employees may be subject to drug testing at any time in accordance with company policy and applicable laws.
Recruitment Fraud Disclaimer
Oklo is aware of recent recruitment fraud attempts targeting job seekers. Please be cautious of anyone claiming to represent Oklo who does not contact you from an official Oklo email address.
All legitimate communications from our recruiting team, including application updates, interview requests, and job offers, will come exclusively from an @oklo.com email. Oklo will never ask for sensitive personal information, payments, or account credentials during the hiring process.
If you receive suspicious outreach or have concerns about the authenticity of any communication claiming to be from Oklo, please contact us through the official channels listed on our website.