Cyber and Data Security Manager

Job Description

Job Description

ERG is a research and consulting firm that provides a wide range of support to federal, state, and commercial clients. ERG offers multidisciplinary teams with nationally recognized skills in engineering, science, economics, public health, informational technology, and communications. We hire people with the best minds and then provide them with a vibrant and flexible environment in which to develop their careers. The qualified individual must be highly motivated with the skills to prioritize, perform, and communicate effectively in a fast-paced environment.

ERG is seeking an experienced Cyber and Data Security Manager with a minimum of 10 years working in IT security operations including 3+ years of hands-on experience implementing and maintaining controls under NIST SP 800-171 (CMMC Level 2) within a U.S. Government contractor environment where CUI is processed.

The ideal candidate will be responsible for developing, maintaining and updating comprehensive compliance documents and procedures, for growing our security capabilities.

Job Description :

• Develop, maintain, and update comprehensive compliance documentation including System Security Plan (SSPs), Plans of Action and Milestones (POA&M), implement policies and procedures and other supporting artifacts to ensure adherence to security standards
• Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews, assessments and gap analyses
• Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party assessor Organizations (C3PAO)
• Ensure that our information security assets, policies, and processes are reliable, available, provide confidentiality, and are generally safe from unauthorized use and intrusion
• Provide day-to-day security support around the infrastructure and procedures used to protect and secure Controlled Unclassified Information (CUI), including ERG’s related computer systems, data, and network
• Perform risk analysis on threats, security alerts, and other suspicious systems or network activity
• Lead incident response efforts, including investigation, containment, and recovery
• Identify and analyze existing processes and procedures to meet new IT Security goals and objectives
• Evaluate security incidents to determine impact & escalate appropriately
• Monitor, aggregate, label, and manage artifacts related to the Security Program assessment and external audits
• Develop, document, and assist with implementing ISO 270001 and NIST / CMMC framework standards, procedures, processes, and guidelines
• Plan and monitor security measures for the protection of computer systems, networks, and information, including the use of Security Information and Event
• Management (SIEM) products
• Develop and deliver cyber-related training programs for employees and stakeholders
• Provide security awareness training on recognizing and reporting potential indicators of external insider threats
• Ensure integrity and security of company data
• Support ERG’s Change & Configuration Control Board (CCB) through actions such as documenting change requests and participating in regular CCB meetings

Qualifications and Skills :

A plus if you have :

ERG offers competitive salaries and excellent benefits, including health and dental insurance, life insurance, long-term disability, educational benefits, FSAs, a generous 401k plan, profit sharing, an EAP, 11-20 paid vacation days per year, 10 paid holidays per year, 56 hours or more of sick leave (based on the state you work in) per year (pro-rated for part-time) and more. The salary range for all positions depends on the years and type of experience.

ERG is an equal opportunity employer and complies with all applicable EEOC regulations. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual preference, national origin, disability, or status as a protected veteran.

Please be aware, the only authentic corporate domain for ERG is https : / / www.erg.com.   ERG may, on occasion, screen applicants via telephone or video interviews via Skype, Teams, GoToMeeting, or another type of video platform. However, any candidate extended a job offer might be asked to meet in person with an ERG employee before providing confidential personal information associated with new employment.

If you’re a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access ERG’s online application process as a result of your disability. To request accommodation, please contact Human Resources via email at Resumes-Lex@erg.com or call (781) 674-7293.

ERG fosters a friendly, flexible work environment. ERGers are dedicated to serving clients who are committed to making the world a better place. We promote and recognize principles of fairness and respect in the work we do, the partnerships we foster, and the culture we value both within and outside of our organization.