This position will be responsible for IT security and compliance, and will support the build-out and maintenance of a security and compliance program covering export controls, CUI data management, CMMC 2.0 compliance, and ultimately classified systems responsibilities.
Essential Duties and Responsibilities:
Develop and enforce security policies, practices and procedures to meet both internal and external cybersecurity requirements, including adherence to government regulations like NIST 800-53, DFARS, ITAR, FISMA, and other relevant frameworks.
Ability to identify areas where FedRAMP requirements may apply within our systems and anticipated future state.
Monitor and appropriately implement compliance with industry standards (e.g., ISO 27001, NIST Cybersecurity Framework) and ensure that all systems meet necessary security certifications and requirements.
Develop and communicate cyber security risk management strategies and plans to executive team, staff, partners, customers, and stakeholders.
Internal information technology and troubleshooting support.
Cybersecurity threat and vulnerability identification and maintenance of systems to protect against these issues.
Support mapping of contract requirements, regulations, federal contract information, and CUI; define authorization boundaries and architecture; scope, plan, and implement technical solutions; create policies, procedures, and artifacts to support the Company as it operates in this regulated environment; conduct self-assessment and support relevant audits.
Lead strategic cyber security risk management planning to achieve business goals by prioritizing.
Promote a "culture of risk awareness" by developing and executing a communications and education plan to create awareness through workshops, presentations, and direct interaction.
Develop, implement, maintain, and communicate cyber security risk management policy and related standards incorporating metrics to enable measurement of effectiveness.
Develop, implement, maintain, and communicate cyber security policy management policy and process and execute against it.
Remain informed on trends and issues in security, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
Performs other related duties as assigned.
Qualifications
Must be a team player, highly motivated, must demonstrate a high degree of confidentiality, discretion, integrity, and professionalism in all aspects of the job. Excellent interpersonal skills. Ability to present ideas in business-friendly and user-friendly language. Exceptionally self-motivated and directed. Must be hands-on. Superior analytical, evaluative, and problem-solving abilities. Excellent verbal and written communication skills. Excellent interpersonal and customer service skills. Excellent organizational skills and attention to detail. Excellent time management skills with a proven ability to meet deadlines. Proficient with Microsoft Office Suite.
Education/Experience
University degree in the field of Cyber Security, Risk Management, Information Systems Technology.
CISSP, CISM, or other relevant security certifications preferred.
At least 10 years of progressive technology security and compliance experience.
Special Knowledge / Skills:
Knowledge of Federal Risk and Authorization Management Program (FedRAMP).
Knowledge of cyber security principles, risk management and network security.
Experience with government contracts and security requirements (DFARS, ITAR, etc.).
Experience with security frameworks (e.g., NIST, ISO 27001, CIS) and best practices.
Ability to work harmoniously in a multi-cultural team environment.
Must have experience working with Microsoft Government Community Cloud High (GCC High) Tenant or Azure Government environments.
Physical Demands / Work Environment:
Normal amount of sitting or standing, average mobility to move around an office environment, able to conduct normal amount of work at a computer. Must be able to lift 20 pounds. Vision abilities required by this job include close vision and ability to adjust focus.
This job position may include access to controlled information or technology covered under applicable U.S. export control laws. As such, employment for this job position may be contingent on either verification that an applicant falls under the definition of a "U.S. Person" (which includes U.S. citizens, U.S. lawful permanent residents, and those granted U.S. asylum or refugee status) or on the company timely obtaining any necessary export license required under federal laws. The Company evaluates such export license situations on a case-by-case basis and may decline to proceed with a job applicant in its sole discretion since export license applications can take many weeks to be processed.
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
No Unauthorized Referrals from Recruiters & Vendors
Please note that HDUSA does not seek or accept unsolicited resumes or offers from third party recruiters or staffing agencies associated with any published or unpublished employment opportunities. Any unsolicited information sent to HDUSA will be considered as unencumbered and free from any fee or charge whatsoever. Only members of our Human Resources Team have the authority to engage or authorize recruiting services, which must be agreed upon before the unsolicited resume or offer is received.