Rogers Corporation
Manager Cybersecurity Governance, Risk & Compliance
Rogers Corporation, Chandler, Arizona, United States, 85249
Summary
This role is responsible for leading the Cybersecurity Governance, Risk & Compliance function, with responsibility for a risk-based compliance program that integrates Assessment & Authorization (A&A/RMF), policy and planning, and continuous monitoring across on-premise and cloud environments. Coordinates security control assessments and system authorizations per NIST RMF practices and develops/maintains cybersecurity policy and governance to ensure alignment with enterprise goals and regulatory obligations (e.g., SOX, NIST 800-NNN, ISO/IEC 27001, privacy laws). Primary alignment to the NICE Systems Authorization and Cybersecurity Policy & Planning work roles, with additional responsibilities consistent with the Authorizing Official/Designating Representative role for risk acceptance and accreditation decisions.
Essential Functions
Lead the enterprise Assessment & Authorization (A&A) lifecycle—categorization, control selection/implementation, assessment, authorization, and continuous monitoring—using the NIST RMF and organizational procedures.
Oversee and perform security control assessments; document results, identify systemic issues, and track remediation to closure.
Prepare, review, and maintain authorization packages (e.g., SSP, SAR, POA&M); recommend risk disposition and authorization decisions.
Develop, publish, and maintain cybersecurity policies, standards, and implementation guidelines; ensure policy alignment to business objectives and regulations.
Establish compliance metrics and executive reporting (e.g., control effectiveness, residual risk trends, time‑to‑remediate, audit closure rate); drive continuous improvement.
Coordinate internal/external audits; design and implement independent audit processes for applications, networks, and systems; validate corrective actions.
Govern third-party/supplier compliance (security and privacy requirements, contractual clauses, assessments) and track risk treatment.
Advise leadership on risk acceptance and authorization determinations; ensure decisions reflect organizational risk tolerance and mission impacts.
Integrate policy, standards, and A&A activities with security architecture/engineering and IT operations to embed compliance by design.
Monitor emerging regulations and technologies; update policy and control baselines accordingly.
Qualifications
Bachelor’s degree in information systems, computer science, cybersecurity, or related field (or equivalent experience).
Certifications: CISA, CISM, CRISC, CIPM, CGEIT, or CISSP (preferred).
5+ years in IT Compliance / GRC, including RMF-based A&A, policy governance, audit management, and third-party risk.
Hands-on with NIST control baselines, ISO/IEC 27001 controls, SOX ITGCs, and privacy obligations.
Experience with GRC platforms, evidence automation, and cloud compliance tooling.
Strong leadership, stakeholder communication, and executive reporting skills.
Rogers Corporation provides equal employment opportunities to minorities, females, veterans and disabled individuals, as well as other protected groups.