American Roll-On Roll-Off Carrier Group, Inc.
Cyber Security Engineer / NIST Specialist
American Roll-On Roll-Off Carrier Group, Inc., Parsippany, New Jersey, United States
Overview
American Roll-on Roll-off Carrier is seeking an experienced (5+ Years) Cyber Security Engineer with strong hands-on implementation experience with NIST 800-171 / CMMC Level-2, NIST 800-53 and/or NIST CSF controls. Job Description
In this role, you will: Develop and maintain NIST 800-171 / CMMC Level 2 POA&Ms, system security plans (SSPs), detailed policy & procedure documentation, and supporting evidence/artifacts. Be execution responsible for the implementation of (and continuous review, update and verification of) the Company’s IT-related security and compliance requirements and initiatives. Collaborate with both internal resources and external consultants and auditors, to facilitate compliance reviews, assessments and gap analyses. Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO). Assist internal teams in understanding CMMC requirements and their impact on organizational processes, technology, and security Develop and deliver cyber-related training programs for employees/stakeholders. Stay current on CMMC program changes and evolving cybersecurity standards from NIST and other relevant bodies. Gain a thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns. Develop and verify IT-related remediation and contingency plans. Develop and review, continuously, cybersecurity advisories, logs, training, and reports, to assure security. Design/identify, implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents, including unauthorized or inappropriate configuration changes. Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently. Job Requirements
Required skills/experience: Minimum of 5 years of experience in a Corporate IT environment, in a hands-on role
dedicated
to information security compliance, systems security, IT risk management, IT audit, or similar/related. Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls. Hybrid position but must be within commuting distance to Northern NJ for regular meetings. Occasional travel. Experience independently evaluating controls that are applied to technology-driven processes. Experience authoring and maintaining detailed documentation that defines policies, procedures, and execution plans, and as proof/support of compliance. Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management). Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools. Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals. Excellent project, time management and organizational skills. Eligibility for security clearance. Bachelor’s degree in computer science, cyber/information security, or similar. A plus if you have any of these: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (multiple certifications), or other similar certification(s) related to cyber and information security. Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, FedRAMP, FISMA and GDPR. Experience with scripting tools such as PowerShell, Python (or others). Experience with vulnerability management and understanding of common vulnerability types and remediation practices. Experience in container solutions (Docker preferred). Target Salary to $135k (DOE) About ARC ARC provides global logistics and shipping services to the U.S. Government. ARC and its affiliates own and manage the largest U.S. flag roll-on roll-off (Ro-Ro) fleet. This includes providing American-owned, managed, and crewed RoRo shipping and intermodal services committed to the requirements of the Department of Defense, other U.S. Government departments and agencies, and commercial customers. . Pay Type Salary #J-18808-Ljbffr
American Roll-on Roll-off Carrier is seeking an experienced (5+ Years) Cyber Security Engineer with strong hands-on implementation experience with NIST 800-171 / CMMC Level-2, NIST 800-53 and/or NIST CSF controls. Job Description
In this role, you will: Develop and maintain NIST 800-171 / CMMC Level 2 POA&Ms, system security plans (SSPs), detailed policy & procedure documentation, and supporting evidence/artifacts. Be execution responsible for the implementation of (and continuous review, update and verification of) the Company’s IT-related security and compliance requirements and initiatives. Collaborate with both internal resources and external consultants and auditors, to facilitate compliance reviews, assessments and gap analyses. Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO). Assist internal teams in understanding CMMC requirements and their impact on organizational processes, technology, and security Develop and deliver cyber-related training programs for employees/stakeholders. Stay current on CMMC program changes and evolving cybersecurity standards from NIST and other relevant bodies. Gain a thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns. Develop and verify IT-related remediation and contingency plans. Develop and review, continuously, cybersecurity advisories, logs, training, and reports, to assure security. Design/identify, implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents, including unauthorized or inappropriate configuration changes. Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently. Job Requirements
Required skills/experience: Minimum of 5 years of experience in a Corporate IT environment, in a hands-on role
dedicated
to information security compliance, systems security, IT risk management, IT audit, or similar/related. Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls. Hybrid position but must be within commuting distance to Northern NJ for regular meetings. Occasional travel. Experience independently evaluating controls that are applied to technology-driven processes. Experience authoring and maintaining detailed documentation that defines policies, procedures, and execution plans, and as proof/support of compliance. Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management). Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools. Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals. Excellent project, time management and organizational skills. Eligibility for security clearance. Bachelor’s degree in computer science, cyber/information security, or similar. A plus if you have any of these: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (multiple certifications), or other similar certification(s) related to cyber and information security. Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, FedRAMP, FISMA and GDPR. Experience with scripting tools such as PowerShell, Python (or others). Experience with vulnerability management and understanding of common vulnerability types and remediation practices. Experience in container solutions (Docker preferred). Target Salary to $135k (DOE) About ARC ARC provides global logistics and shipping services to the U.S. Government. ARC and its affiliates own and manage the largest U.S. flag roll-on roll-off (Ro-Ro) fleet. This includes providing American-owned, managed, and crewed RoRo shipping and intermodal services committed to the requirements of the Department of Defense, other U.S. Government departments and agencies, and commercial customers. . Pay Type Salary #J-18808-Ljbffr