Cybersecurity Compliance Specialist

R.E. Darling Co. Inc., Tucson, Arizona, United States, 85718

This position will require access to ITAR- and/or EAR-controlled technical data, technology or source code, and requires that all individuals in this role be authorized to access such information.

General Description

The Cybersecurity & Compliance Specialist is a salaried position reporting to the Information Technology & Systems Manager. The Cybersecurity & Compliance Specialist is responsible for the cybersecurity posture, compliance, readiness, training and ongoing governance of information systems subject to Cybersecurity Maturity Model Certification (CMMC) and handling Controlled Unclassified Information (CUI). The Cybersecurity & Compliance Specialist will lead cross-functional working groups and coordinate with External Service Providers (ESPs) as required. This position requires strong organizational skills, analytical skills, a high level of attention to detail and knowledge of current compliance requirements. Good communication skills are required, with the ability to work with all levels of the organization diplomatically and skillfully.

Primary Responsibilities

Provide governance and CMMC program management to ensure compliance with legal and regulatory requirements, including customer-dictated requirements

Maintain and update REDAR's System Security Plan (SSP), Plan of Action & Milestones (POA&M), risk assessments and related security policies

Cyber Security/Disaster Recovery/Incident Response and Business Continuity Planning

Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training

Ensure continuous monitoring, logging, vulnerability scanning and system hardening

Education and Experience Requirements

Bachelor's degree in Computer Science, Information Systems or a specialized cybersecurity program, providing foundational knowledge in network security, risk management, cryptography and threat detection

Minimum three years' experience in the following areas:

Monitoring and remediating cybersecurity threats

Implementation and retention of corporate policies

Training employees on cybersecurity policies and awareness

Windows server administration

Microsoft Office 365 & Exchange administration

Previous employment with a Department of Defense Contractor preferred

Previous experience with CMMC and NIST 800-171 compliance preferred

Specific Tasks and Focus Areas

Provide governance and CMMC program management to ensure compliance with legal and regulatory requirements, including customer-dictated requirements

Collaborate with Information Technology & Systems Manager to manage Information System Security for CUI systems

Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171 Compliance & Governance

Develop and execute a strategic roadmap to achieve and maintain CMMC Level 2 Compliance

Coordinate readiness assessments, gap analysis and remediation planning

Oversee implementation and maintenance of NIST SP 800-171 controls

Implementation and retention of IT policies, processes and systems required to satisfy CMMC (including NIST SP 800-171) compliance

Collaborate with business units to develop and implement processes and procedures that support regulatory and customer-dictated security requirements

Provide evidence and supporting documents to attest to the individual requirements of CMMC and NIST SP 800-171

Enter required data in the Procurement Integrated Enterprise Environment (PIEE) for CMMC, the Supplier Performance Risk System (SPRS), etc.

Coordinate with a Registered Practitioner Organization (RPO) and a Certified Third-Party Assessor Organization (C3PAO) to attain and retain CMMC certification

Act as primary liaison with customers, senior leaders, managers, the Contracts/Exports Department and other internal employees as required regarding CMMC compliance and status

Collaborate with Supply Chain

Monitor CMMC-related FAR/DFARS clauses

Develop and execute a process to audit departments and users for compliance

Maintain current awareness of changing and upcoming security and compliance requirements

Additional Focus

Maintain and update REDAR's System Security Plan (SSP), Plan of Action & Milestones (POA&M), risk assessments and related security policies

Review and update System Security Plan (SSP) to reflect current requirements

Review and update the Plan of Action and Milestones (POA&M) to reflect current status for meeting and retaining CMMC certification

Review and update REDAR Information System Security (ISS) policies as required

Communicate revised requirements for the SSP, POA&M and related policies to users, and train them accordingly

Cyber Security/Disaster Recovery/Incident Response and Business Continuity Planning

Review and update REDAR’s Incident Response Plan

Lead security incident response and reporting activities for in-scope systems

Respond to threats and oversee their mitigation in a timely manner, per REDAR's Incident Response Plan

Ensure security best practices are employed, including least privilege (granting only the minimum level of access required)

Stay abreast of current and trending threats by reviewing cyber threat intelligence provided by the Managed Detection and Response (MDR) and/or Managed Security Service Provider (MSSP) as required

Collaborate with the Information Technology & Systems Manager to implement and support the requirements for qualifying for cybersecurity insurance

Collaborate with the Information Technology & Systems Manager to implement proactive solutions that protect against new threats as they become known

Oversee and direct company communication and education to provide user awareness of ongoing threats and risks

Ensure that system patches and updates to operating systems and clients are implemented

Maintain awareness of the company's data backup, Disaster Recovery and Business Continuity Plans

Collaborate with the Information Technology & Systems Manager to develop and review appropriate security procedures that safeguard the systems from physical harm, viruses, unauthorized users and damage to data

Training and Awareness

Provide Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training

Develop and maintain training media for cybersecurity requirements, CUI and risk awareness

Train employees in cybersecurity requirements, CUI, risk awareness and company security policies

Provide ongoing training on current cyber threats

Provide ongoing training on revisions to REDAR's Information Systems Security (ISS) Policy and related policies

Continuous Monitoring and Security Operations

Ensure continuous monitoring, logging, vulnerability scanning and system hardening

Coordinate with contracted External Service Providers (ESPs) for Managed Detection and Response (MDR), Managed Service Provider (MSP) and/or Managed Security Service Provider (MSSP) services as required

Coordinate with the Information Technology & Systems Manager and the Network & Systems Administrator as required

AA/EOE/W/M/Vet/Disable

R.E. Darling Co., Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, status as a qualified individual with a disability, or other protected characteristics.

Qualifications

Education Preferred

Bachelor's or better in Computer Science.

Bachelor's or better in Information Technology.

Technical/other training or better in Computer Science.

Technical/other training or better in Information Technology.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.