Cybersecurity Compliance SpecialistR.E. Darling Co. Inc. • Tucson, AZ, US

Cybersecurity Compliance Specialist

R.E. Darling Co. Inc. • Tucson, AZ, US

12 days ago

Job type

Full-time

Job description

This position will require access to ITAR and / or EAR controlled technical data, technology or source code, and requires that all individuals in this role be authorized to access such information

General Description

The Cybersecurity & Compliance Specialist is a salaried position reporting to the Information Technology & Systems Manager. The Cybersecurity & Compliance Specialist is responsible for the Cybersecurity posture, compliance, readiness, training and ongoing governance of information systems subject to Cybersecurity Maturity Model Certification (CMMC) and Controlled Unclassified Information (CUI). The Cybersecurity & Compliance Specialist will lead cross-functional working groups and coordinate with External Service Providers (ESP) as required. This position requires strong organizational skills, analytical skills, a high level of attention to detail and knowledge of current requirements for compliance. Good communications skills are required with the ability to work with all levels of the organization diplomatically and skillfully.

Primary Responsibilities

Provide governance and CMMC Program Management to ensure compliance to legal and regulatory requirements including dictated customer requirements
Maintain and update REDAR's System Security Policy, Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies
Cyber Security / Disaster Recovery / Incident Response and Business Continuity Planning
Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training
Ensure continuous monitoring, logging, vulnerability scanning and system hardening

Education and Experience Requirements

Bachelor's degree in computer sciences, Information Systems or a specialized cybersecurity program, which will provide foundational knowledge in network security, risk management, cryptography, and threat detection

Minimum three years' experience in the following areas

Monitoring and remediating Cyber Security threats

Implementation and retention of corporate policies

Training employees on Cyber Security policies and awareness

Windows server administration

Microsoft Office 365 & Exchange administration

Previous employment with a Department of Defense Contractor preferred

Previous experience with CMMC and NIST 800-171 compliance preferred

Specific Tasks and Focus Areas

Provide governance and CMMC Program Management to ensure compliance to legal and regulatory requirements including dictated customer requirements

Collaborate with Information Technology & Systems Manager to manage Information System Security for CUI systems

Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171 Compliance & Governance

Develop and execute a strategic roadmap to achieve and maintain CMMC Level 2 Compliance

Coordinate readiness assessments, gap analysis and remediation planning

Oversee implementation and maintenance of NIST SP 800-171 controls

Implementation, and retention of IT policies, processes and systems required to satisfy CMMC (including NIST 800-171) compliance

Collaborate with business units to develop and implement processes & procedures to support regulatory and customer dictated security requirements

Provide evidence / supporting documents to attest to individual requirements of CMMC and NIST 800-171

Enter data required in Procurement Integrated Enterprise Environment (PIEE) for CMMC, Supplier Performance Risk System (SPRS), etc.

Coordinate with Registered Practitioner Organization (RPO) and Certified Third-Party Assessor Organization (C3PAO) to attain / retain CMMC certification.

Primary liaison with Customers, Senior Leaders, Managers, Contracts / Exports Department and other internal employees as required regarding CMMC compliance and status

Collaboration with Supply Chain

Monitoring of CMMC related FAR / DFAR clauses

Develop and execute process to Audit departments and users for compliance

Current awareness of changing and upcoming security and compliance requirements

Additional Focus

Maintain and update REDAR's System Security Policy (SSP), Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies

Review and update System Security Plan (SSP) to reflect current requirements

Review and update Plan of Action and Milestones (POAM) to reflect current status for meeting / retaining CMMC certification

Review and update REDAR Information System Security (ISS) policies as required

Communicate and train users to revised requirements for the SSP, POA&M and related policies

Cyber Security / Disaster Recovery / Incident Response and Business Continuity Planning

Review and update REDAR's Incident Response Plan

Lead security incident response and reporting activities for in-scope systems

Respond to and oversee mitigation of threats in a timely manner per REDAR's Incident Response Plan

Ensure best practices for security with least level of access required are employed

Stay abreast of current and trending threats by reviewing Cyber Intel provided by Managed Detection and Response (MDR) and / or Managed Service Security Provider (MSSP) as required

Collaborate with Information Technology & Systems Manager to implement and support requirements for qualification of Cybersecurity Insurance

Collaborate with Information Technology & Systems Manager to implement proactive solutions to prevent against new threats as they become known

Oversee and direct company communication and education to provide user awareness of ongoing threats and risks

Oversee system patches / updates to operating systems & clients are implemented

Awareness of company data Backup, Disaster Recovery and Business Continuity Plans

Collaborate with the Information Technology & Systems Manager to develop and review that appropriate security procedures are in place to safeguard the systems from physical harm and viruses, unauthorized users and damage to data

Review and update REDAR's incident response plan

Training and Awareness

Provide Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training

Develop and maintain training media for cyber security requirements, CUI and risk awareness

Train employees in cyber security requirements, CUI, risk awareness and company security policies

Ongoing current cyber threat awareness training

Ongoing training on revisions to REDAR's Information Systems Security Policy (ISS) and related policies

Continuous Monitoring and Security Operations

Ensure continuous monitoring, logging, vulnerability scanning and system hardening.

Coordinate with contracted External Service Providers (ESP) for Managed Detection and Response (MDR), Managed Service Provider (MSP) and / or Managed Service Security Provider (MSSP) as required

Coordinate with Information Technology & Systems Manager and Network & Systems Administrator as required

AA / EOE / W / M / Vet / Disable

R.E. Darling Co., Inc. is an equal opportunity employer. All qualified applicants will receive consideration of employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as protected veteran, among other things, or status as qualified individual with disability.

Qualifications

Education

Preferred

Bachelors or better in Computer Science.

Bachelors or better in Information Technology.

Technical / other training or better in Computer Science.

Technical / other training or better in Information Technology.

Equal Opportunity Employer / Protected Veterans / Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.

J-18808-Ljbffr

Create a job alert for this search

Cybersecurity Specialist • Tucson, AZ, US

Related jobs