Job Description

  In this role you will:  

• Be execution responsible for the implementation of (and continuous review, update and verification of) the Company’s IT-related security and compliance requirements and initiatives.  
  

• Develop and maintain NIST 800-171 (future CMMC Level-2) POA&Ms, information system security plans (SSPs) and detailed supporting documentation.  
  

• Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews and certifications.  
  

• Gain thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns.  
  

• Execute compliance and information security-related projects in accordance with strategic objectives .  
  

• Develop and verify IT-related remediation and contingency plans.  
  

• Develop and review, on a continuous basis, cybersecurity logs and reports, to verify security.  
  

• Design/ identify , implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents – including unauthorized or inappropriate configuration changes.  
  

• Manage the control frameworks and documents that support our information-security compliance standards.  
  

• Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently.  
  

Requirements

Required skills/experience:  

• Bachelor’s degree in Computer Science , Cyber/Information Security, or similar.  
  

• Minimum of 3 years of experience in a Corporate IT environment, in a hands-on role dedicated to information security compliance , systems security, IT risk management, IT audit, or similar/related.  
  

• Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls.  
  

• Experience independently evaluating controls which are applied to technology-driven processes.  
  

• Experience authoring and maintaining detailed documentation which define policies, procedures and execution plans, and as proof/support of compliance.  
  

• Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management).  
  

• Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.  
  

• Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals.  
  

• Excellent project and time management and organizational skills.  
  

• Eligibility for security clearance.  
  

• Hybrid position, but must be within commuting distance to Northern NJ for regular meetings. Occasional domestic USA travel (Washington/Virginia, Jacksonville FL).  
  

A plus if you have any of these:  

• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (Global Information Assurance Certification)/GSNA (GIAC Systems & Network Auditors) or other similar certification(s).  
  

• Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, Fed ramp , FISMA, GDPR.  
  

• Experience with scripting tools such as PowerShell, Python (or others).  
  

• Experience in container solutions (Docker preferred).  
  

Job Tags

Similar Jobs