GE Vernova

CMMC Compliance Manager / ISSO

GE Vernova, Clinton, Pennsylvania, United States

Job Description Summary

We are seeking a highly motivated and detail-oriented CMMC Compliance Manager to ensure that our activities comply with the Cybersecurity Maturity Model Certification (CMMC) standards. This role also serves as an Information System Security Officer (ISSO), focusing on ensuring the security, compliance, and authorization of critical federal agency information systems.

Roles and Responsibilities

Develop and implement CMMC compliance strategies and policies to ensure that all research and development activities meet CMMC standards.

Conduct regular audits and assessments to identify and mitigate cybersecurity risks and vulnerabilities.

Collaborate with cross‑functional teams, including IT, legal, and project management, to ensure CMMC compliance across all projects and initiatives.

Provide training and guidance to employees on CMMC requirements and best practices.

Stay current with CMMC updates and industry trends and advise leadership on necessary adjustments to compliance strategies.

Prepare and maintain documentation required for CMMC certification and audits.

Work with external auditors and certification bodies to facilitate CMMC assessments and certifications.

Develop and maintain a CMMC compliance program that aligns with GE Vernova’s overall cybersecurity strategy.

Ensure compliance with all applicable U.S. Government security regulations for information systems and networks under the NIST Risk Management Framework (RMF) process in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM).

Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance standards and regulations.

Conduct regular security audits and assessments.

Prepare, modify and review system security plans (SSP).

Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms).

Required Qualifications

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master’s degree is a plus.

Professional certification in CMMC (e.g., CMMC Registered Practitioner, CMMC Provisional Assessor) is required.

Minimum of 6‑7 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800‑171, ISO 27001).

Strong understanding of cybersecurity principles, risk management, and compliance frameworks.

Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams.

Strong analytical and problem‑solving skills, with the ability to identify and mitigate cybersecurity risks.

Familiarity with federal cybersecurity regulations and standards, particularly those relevant to the defense industries.

Ability to maintain a U.S. security clearance; U.S. citizenship is a prerequisite for clearance.

Knowledge of security technologies, such as CCTV systems, access control systems, and cybersecurity tools.

Desired Characteristics

Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800‑171 and DFARS.

Familiarity with FAR, DFARS, ITAR, and EAR regulations and how they apply to CUI handling.

Experience developing and overseeing CUI programs to ensure compliance with federal regulations.

An active U.S. security clearance.

IAT Level II certification.

Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS).

Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), classified computer operations, and experience with the technical configuration requirements for various operating systems.

Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational), within RMF packages.

Compensation and Benefits

Base pay range: $96,900 – $150,000 per year.

Eligibility for bonuses such as performance bonus, variable incentive compensation, and equity.

Geographic differential of 110%, 120%, or 130% of base salary applicable to certain locations.

Health benefits: medical, dental, vision, and prescription drug coverage; access to a Health Coach, 24/7 nurse‑based resource, and Employee Assistance Program with 24/7 confidential counseling and referral services.

Retirement benefits: GE Retirement Savings Plan and tax‑advantaged 401(k) savings opportunity with company matching and retirement contributions, plus access to Fidelity resources and planning consultants.

Other benefits: tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, paid time off for vacation or illness, and 12 paid holidays.

Relocation assistance provided: Yes.

Location

Findlay, PA (additional candidate locations may be considered).

Equal Opportunity Employer

GE Vernova is an Equal Opportunity Employer.

Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Security Clearance

This role requires access to U.S. export‑controlled information. Final offers will be contingent upon the ability to obtain authorization for access to U.S. export‑controlled information from the U.S. Government.
