ZipRecruiter
Job DescriptionJob Description
In this role you will:
Be execution responsible for the implementation of (and continuous review, update and verification of) the Company’s IT-related security and compliance requirements and initiatives.
Develop and maintain NIST 800-171 (future CMMC Level-2) POA&Ms, information system security plans (SSPs) and detailed supporting documentation.
Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews and certifications.
Gain thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns.
Execute compliance and information security-related projects in accordance with strategic objectives.
Develop and verify IT-related remediation and contingency plans.
Develop and review, on a continuous basis, cybersecurity logs and reports, to verify security.
Design/identify, implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents – including unauthorized or inappropriate configuration changes.
Manage the control frameworks and documents that support our information-security compliance standards.
Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently.
Requirements Bachelor’s degree in Computer Science, Cyber/Information Security, or similar.
Minimum of 3 years of experience in a Corporate IT environment, in a hands-on role dedicated to information security compliance , systems security, IT risk management, IT audit, or similar/related.
Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls.
Experience independently evaluating controls which are applied to technology-driven processes.
Experience authoring and maintaining detailed documentation which defines policies, procedures and execution plans, and as proof/support of compliance.
Strong knowledge of enterprise Information Security pillars (Perimeter security, Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management).
Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals.
Excellent project and time management and organizational skills.
Eligibility for security clearance.
Hybrid position, but must be within commuting distance to Northern NJ for regular meetings. Occasional domestic USA travel
(Washington/Virginia,
Jacksonville FL).
A plus if you have any of these:
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (Global Information Assurance
Certification)/GSNA
(GIAC Systems & Network Auditors) or other similar certification(s).
Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, Fed ramp, FISMA, GDPR.
Experience with scripting tools such as PowerShell, Python (or others).
Experience in container solutions (Docker ).
#J-18808-Ljbffr
Be execution responsible for the implementation of (and continuous review, update and verification of) the Company’s IT-related security and compliance requirements and initiatives.
Develop and maintain NIST 800-171 (future CMMC Level-2) POA&Ms, information system security plans (SSPs) and detailed supporting documentation.
Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews and certifications.
Gain thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns.
Execute compliance and information security-related projects in accordance with strategic objectives.
Develop and verify IT-related remediation and contingency plans.
Develop and review, on a continuous basis, cybersecurity logs and reports, to verify security.
Design/identify, implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents – including unauthorized or inappropriate configuration changes.
Manage the control frameworks and documents that support our information-security compliance standards.
Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently.
Requirements Bachelor’s degree in Computer Science, Cyber/Information Security, or similar.
Minimum of 3 years of experience in a Corporate IT environment, in a hands-on role dedicated to information security compliance , systems security, IT risk management, IT audit, or similar/related.
Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls.
Experience independently evaluating controls which are applied to technology-driven processes.
Experience authoring and maintaining detailed documentation which defines policies, procedures and execution plans, and as proof/support of compliance.
Strong knowledge of enterprise Information Security pillars (Perimeter security, Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management).
Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals.
Excellent project and time management and organizational skills.
Eligibility for security clearance.
Hybrid position, but must be within commuting distance to Northern NJ for regular meetings. Occasional domestic USA travel
(Washington/Virginia,
Jacksonville FL).
A plus if you have any of these:
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (Global Information Assurance
Certification)/GSNA
(GIAC Systems & Network Auditors) or other similar certification(s).
Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, Fed ramp, FISMA, GDPR.
Experience with scripting tools such as PowerShell, Python (or others).
Experience in container solutions (Docker ).
#J-18808-Ljbffr