Job SummaryWe have an exciting opportunity for a Cybersecurity Compliance Program Manager to join our Information Technology Services (ITS) Information Assurance team.
Reporting directly to the Senior Manager of IT Governance, Risk and Compliance, this role will support the IT compliance activities of the organization. With general supervision, this position is responsible for supporting the development and implementation of cybersecurity compliance programs, and related procedures.
DUTIES AND RESPONSIBILITIES:- Develop, implement, and maintain IT compliance programs, policies, and procedures in accordance with relevant regulations, including but not limited to:
- NIST Special Publications (e.g., NIST 800-171 Revisions 2, 3)
- DFARS (Defense Federal Acquisition Regulation Supplement)
- FAR (Federal Acquisition Regulation)
- CMMC (Levels 1 through 3)
- ISO 27000 Series
- Conduct regular internal assessments to evaluate the effectiveness of IT controls and identify areas for improvement.
- Manage external audits by government agencies (e.g., DCAA, DCMA) or third-party assessors.
- Work with IT, security, and other departments to ensure that systems and processes are designed and implemented to meet compliance requirements.
- Maintains knowledge of applicable policies, regulations, and compliance documents related to cybersecurity and information assurance.
- Participates in assessments of information technology systems; ensures periodic system security reviews are conducted and documented.
- Provides input to a cybersecurity awareness training program that is engaging and influences changes in employees' behavior.
- Develops appropriate electronic and hard copy reports and records, including new or revised electronic or hard copy documentation.
- Create compliance related presentations to internal stakeholders as needed.
- Monitor changes in regulations and update policies and procedures accordingly.
- Serve as a point of contact for IT compliance-related inquiries
- Investigate and address any compliance violations or incidents
- Maintain the strict confidentiality of sensitive information.
- Embraces continuous learning with a passion to keep abreast of changes in regulatory and technology environments.
- Responsible for observing all laws, regulations, and other applicable obligations wherever and whenever business is conducted on behalf of the Company.
- Responsible for ensuring work is accomplished in a safe manner in accordance with established operating procedures and practices.
Job Qualifications- Typically requires a bachelors degree in a related discipline and ten or more years of progressive professional experience in information assurance or a related field. Equivalent professional experience may be substituted in lieu of education.
- Prefer has 6+ experience with cybersecurity and IT compliance programs affecting highly regulated industries.
- CompTIA Security +, CISSP or higher certification strongly desired.
- Familiar with regulatory requirements that affect the Aerospace and Defense industry such as DFARS [redacted], DFARS [redacted] through 7020, and Cybersecurity Maturity Model Certification (CMMC).
- Familiar with international regulatory requirements that affect that Aerospace and Defense industry, such as UK Cyber Essentials, Canada Program for Cyber Security Certification (CPCSC), etc.
- Familiar with applicable Artificial Intelligence (AI) regulations at local, state, federal and international levels
- Familiar with internationally recognized standards, such as the ISO 27000 series
- Familiar with privacy regulations, such as CCPA and GDPR
- Experience with utilizing tools to support compliance programs, such as GRC tools
- Embraces continuous learning with a passion to keep abreast of changes in regulatory and technology environments.
- Must have experience organizing, planning, scheduling, conducting, and managing work assignments to meet project milestones or established completion dates.
- Must possess the ability to understand new concepts quickly and apply them in an evolving environment while contributing to the development of new processes.
- Must be customer focused and possess:
- The ability to identify issues, analyze data and develop solutions to a variety of technical and administrative problems;
- Excellent analytical, verbal and written communication skills to accurately document, report, and present findings;
- Excellent interpersonal skills enabling an effective interface with other professionals; and
- Excellent computer skills. Ability to work independently or in a team environment is essential as is the ability to work extended hours as required.
- The applicant must be a U.S. citizen and possess, or be able to obtain and maintain, a security clearance at or above the Secret level.
