Cyber Security Program System Manager

Company:
Graham Manufacturing
Location:
Batavia, NY, 14020
Pay:
90000USD - 145000USD per year
Posted:
January 31, 2026

Description:

Job Title: Cyber Security Program Manager / CISO

Reports To: Sr. IT Manager

Position Summary:

The Cyber Security Program Manager develops and manages the cybersecurity program at Graham. This position identifies and mitigates cyber risks by creating a holistic framework. Job duties include policy and procedure creation and management, risk assessments, management of cyber security and education programs, and creation of compliant CMMC, NIST 800-171, NN801-rev5, PCI, ITAR, EAR programs. This position drives overall risk down by developing a security operations plan built around best practices and frameworks.

Key Results Areas:

Level III – Practice – Optimizing resources & utilization in a mini-organization

Activity & Budget Planning/Performance/Consistency/Predictability

A. Cybersecurity Manager

Develop cyber education and training programs

Develop Cybersecurity policies, procedures, and processes

Manages all requirements for cyber reporting of incidents with the IT Manager

Develop and manage requirements around pen testing and other cyber threat testing

Validates security and configuration of third party software, when needed

Designs and implements Vendor Risk Management program

Defines and manages tools needed for E-discovery and computer forensic needs

Configures GRC tool and monitoring plans to support any audits

B. Classified Systems (If Cleared)

Management of security and requirements and RMF configurations of systems

Management of documenting and submitting systems in eMASS, either directly or as an advisor to other security staff

Management of Security Training program to support classified systems

Management of training and support of IT security staff for classified systems

Support the FSO as AFSO if needed

Research/procurement/creation/monitoring/improvement of technology, systems, equipment & processes

Recommends mitigations for insider threat risks

Determines and manages security software evaluations and implementations to support the cyber program

Hands on implementation of security software, tools, or processes

Develop, lead, staff, manage high performing team

A. CMMC/NIST 800-171/NNPI security lead

Lead compliance efforts for CUI and NNPI processing

Lead CMMC compliance and certification efforts

Lead NN-801-Rev5 compliance

Lead NIST 800-171 requirements

Manage internal and external audits and certifications

Update cyber scores in SPRS, Exostar or other government required systems

B. Lead Cyber security projects and team members

C. Leads internal and external audit teams for all compliance

D. Create a robust incident response team and processes, including the creation and execution of regular tabletop exercises and playbooks

Provide effective communication and reporting to all stakeholders

Develop and present cyber security and risk management presentations to senior management and board members, as needed

Develops training materials and trains other staff

Reports incidents to DCSA, NCIS, FBI, DIBNET and others, as needed

Professional Development

Logs incidents into government systems for review

Manages cyber insurance evaluations and determines best path for reducing risk and keeping coverages

Takes lead in maintaining or developing IT processes

Project management

Software evaluation

System administration, if needed

Custom programming, if needed

Performs other related duties as required and assigned

Qualifications:

To qualify for this position, an individual must possess the knowledge, training, experience and abilities required.

Education and Training:

Degree in computer science or cybersecurity or applicable work experience

Experience:

Strong cybersecurity or computer forensics background

Working knowledge of RMF, CMMC, NIST, ITAR, EAR, PCI, NNPI/NOFORN (NN801-REV 5) and other security frameworks

Desired Job Qualifications:

Experience working directly with business end-users preferred.

System administration background

IT auditing & compliance

Strong written and verbal communication skills

Ability to manage other people and projects

Strong security or IT operations background

Experience with eMASS, DISS, NISS, NBIS or other

Skills:

Proficient in Microsoft Office software products

Possession of or ability to obtain CISSP certification within 2 years of taking position

Possession of, or ability to obtain within 1 year, an active security clearance

Ability to work efficiently with many different types of people, skill levels, and personalities

Demonstrate behavior consistent with company values.

Maintain strict confidentiality regarding company matters.

Proficiency in word processing, spreadsheet, presentation, project management, enterprise resource planning, database software.

Ability and willingness to abide by set policies and/or safety programs established by Graham, our clients, and/or regulatory agencies which govern our performance and behavior in the normal course of our work while on Graham or the client’s property or job site.

Excellent written and verbal communication skills.

Strong organizational and time management skills.

High attention to detail.

Ability to successfully plan and implement objectives within established timelines and work schedules.

Ability to analyze problems and develop effective solutions at both strategic and functional levels.

Develop strategies to achieve organizational goals; Understand organization’s strengths and weaknesses; Analyzes market and competition; Identifies external threats and opportunities; Adapts strategy to changing conditions.

Ability to work independently, with minimal direction, as a highly motivated self-starter and within a team-oriented culture.

Physical and Mental Demands

The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Demands: May be required to move items up to 60 pounds for distances of up to 10 feet. May be required to stand, stoop, bend, kneel and squat for extended periods. May be exposed to fumes or dust, toxic or caustic chemicals, outdoor weather, moving mechanical parts and moderate to loud noise levels. Must wear appropriate protective gear and clothing as necessary. Traveling between buildings will be required. Required to speak and communicate clearly with others.

Mental demands: While performing the duties of this position, the individual is required to read, write, analyze data and reports, exercise judgement, develop plans, procedures and goals, present information to others and work under pressure.

Work environment: This job operates in a clerical office setting and in the manufacturing spaces. This role routinely uses standard office equipment such as computers, phones, photocopiers and filing cabinets.

Work Authorization/Security Clearance

Must be a U.S. citizen. Must be able to obtain U.S. government security clearance if required.

This job description is not all-inclusive but rather serves as a general guideline of the current needs of the position and can be modified at the discretion of management to meet current business needs. Experience and education requirements are the primary basis for awarding this position; however, substitutions that are essentially equivalent may be made as they relate to the essential functions, duties, and responsibilities of this position.

Requirements:

Full-time
