R.E. Darling Company Inc.

R.E. Darling Company Inc. is hiring: Cybersecurity Compliance Specialist in Tucs

R.E. Darling Company Inc., Tucson, AZ, United States, 85718

Overview

The Cybersecurity & Compliance Specialist is a salaried position reporting to the Information Technology & Systems Manager. The Cybersecurity & Compliance Specialist is responsible for the cybersecurity posture, compliance, readiness, training and ongoing governance of information systems subject to Cybersecurity Maturity Model Certification (CMMC) and Controlled Unclassified Information (CUI). This role will lead cross-functional working groups and coordinate with External Service Providers (ESPs) as required. This position requires strong organizational and analytical skills, attention to detail, and knowledge of current requirements for compliance. Good communication skills are required, with the ability to work with all levels of the organization diplomatically and skillfully. Access to ITAR and/or EAR controlled data may be required and all individuals must be authorized to access such information.

Primary Responsibilities

  • Provide governance and CMMC Program Management to ensure compliance with legal and regulatory requirements including dictated customer requirements
  • Maintain and update REDAR’s System Security Policy, Plan of Action & Milestones (POA&Ms), risk assessments and related security policies
  • Cyber security, disaster recovery, incident response and business continuity planning
  • Cyber security, CUI, risk awareness and IT policy training
  • Ensure continuous monitoring, logging, vulnerability scanning and system hardening

Education and Experience Requirements

  • Bachelor's degree in computer science, information systems or a specialized cybersecurity program
  • Minimum three years’ experience in monitoring and remediating cybersecurity threats
  • Implementation and retention of corporate policies
  • Training employees on cybersecurity policies and awareness
  • Windows server administration
  • Microsoft Entra ID administration
  • Microsoft Office 365 and Exchange administration
  • Previous employment with a Department of Defense contractor preferred
  • Previous experience with CMMC and NIST 800-171 compliance preferred

Specific Tasks and Focus Areas

  • Provide governance and CMMC Program Management to ensure compliance with legal and regulatory requirements including dictated customer requirements
  • Collaborate with Information Technology & Systems Manager to manage information system security for CUI systems
  • CMMC and NIST 800-171 compliance and governance; develop and execute a roadmap to achieve and maintain CMMC Level 2
  • Coordinate readiness assessments, gap analysis and remediation planning
  • Oversee implementation and maintenance of NIST SP 800-171 controls
  • Implement and retain IT policies, processes and systems required to satisfy CMMC and NIST 800-171
  • Collaborate with business units to develop and implement processes and procedures for regulatory and customer dictated security requirements
  • Provide evidence and supporting documents for CMMC and NIST 800-171 requirements
  • Enter data in PIEE and SPRS for CMMC
  • Coordinate with Registered Practitioner Organization (RPO) and Certified Third-Party Assessor Organization (C3PAO) to attain or retain CMMC certification
  • Annual attestation coordination
  • Primary liaison with Customers and internal teams regarding CMMC compliance and status
  • Supplier vendor compliance and collaboration with Supply Chain
  • Follow up on compliance status and questionnaires
  • Monitoring of CMMC related FAR/DFAR clauses
  • Develop and execute processes to audit departments and users for compliance
  • Maintain and update REDAR policies including SSP, POA&Ms and risk assessments
  • Review and update System Security Plan (SSP) and POA&M
  • Review and update REDAR ISS policies as required
  • Communicate and train users on revised requirements for SSP, POA&M and related policies

Cyber Security, Disaster Recovery, Incident Response and Business Continuity Planning

  • Review and update REDAR’s Incident Response Plan
  • Lead security incident response and reporting for in-scope systems
  • Response and mitigation of threats per the Incident Response Plan
  • Ensure least privilege access and best practices for security
  • Stay current on threats with Cyber Intel from MDR MSSP
  • Collaborate with IT & Systems Manager on cybersecurity insurance requirements
  • Develop proactive solutions to counter new threats
  • Coordinate user awareness, patches and updates for systems
  • Oversee backups, disaster recovery and business continuity planning
  • Develop and review security procedures to safeguard systems from harm
  • Train employees in cybersecurity, CUI, risk awareness and IT policies
  • Develop training media for cybersecurity requirements and risk awareness
  • Ongoing training on cybersecurity policies and ISS related changes

Onboarding

  • Ongoing current cyber threat awareness training
  • Training on revisions to REDAR’s ISS and related policies
  • Ensure continuous monitoring, logging, vulnerability scanning and system hardening
  • Coordinate with ESPs for MDR, MSP or MSSP as required
  • Coordinate with IT & Systems Manager and Network & Systems Administrator as required

EEO statement: AA/EOE/W/VM Vet/Disable. R.E. Darling Co., Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, or disability.

Seniority level

  • Mid-Senior level

Employment type

  • Full-time

Job function

  • Engineering and Information Technology
  • Industries: Defense and Space Manufacturing
