We seek someone who is experienced in Technology Cybersecurity Governance, Risk and Compliance (GRC). This position includes responsibility for overseeing cybersecurity compliance within our and our clients' organizations, ensuring that laws, regulatory requirements, policies, and procedures are consistently and routinely met.
This position is one part of a team of 3 that we established - consisting of Cybersecurity, Networking and System Administration. This position reports to the Director of Productivity.
Responsibilities of this Position:
· Plan, design, and maintain Compliance security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements.
· Create and maintain reporting data to enable near-real-time risk assessment for the technical management team and CEO.
· Develop and maintain compliance risk assessment and treatment reporting to achieve desired business outcomes.
· Evaluate current policies, procedures, and documentation for compliance with government laws and regulations.
· Follow architecture principles to guide day-to-day needs and annual planning/prioritization initiatives.
· Report compliance for applicable legislation, including HIPAA and privacy laws, in support of IT organizations and business functions including Internal Audit, Government Compliance, Contracts, and Legal.
· Perform and investigate internal and external information security risk and exception assessments.
· Report compliance to ISO/IEC 27000 Information Security standards and best security practices for applicable regulatory requirements, such as US FAR/DFARS, pertaining to Cyber Security Risk Management Framework, NIST SP 800 series, the Center for Internet Security (CIS) Critical Security Controls, General Data Protection Regulation (GDPR) where applicable, and Payment Card Industry (PCI) compliance.
· Adjust risk tracking/reporting for technology trends, vulnerability changes, and compliance gaps.
· Interpret regulations as they apply to enterprise information system products, processes, practices, and procedures.
· Train, guide, and act as a resource on security assessment functions to other team members.
· Participate in information security audits.
Qualifications of this Position:
· Outstanding proficiency in communication skills (both written and oral), as well as building and sustaining relationships needed to achieve objectives.
· Expertise in delivering innovative compliance solutions that align with organizational strategies, goals, and objectives.
· Experience evaluating new and emerging IT and cybersecurity technologies.
· Security+, Network+ and/or Systems Security Certified Practitioner (SSCP) certification (or equivalent entry-level certification)
· Computer Science, IT or Cybersecurity (or a related discipline from an accredited college or university) degree and 1+ years of governance, risk, and compliance experience
· U.S. Citizenship required for this opportunity.
· Position may involve extended periods of sitting, walking, standing and use of stairs.
· Must be dependable and punctual.
· Physical requirements are sitting, walking, standing, extensive use of stairs, and access to remote structures.
· Shift work may be required.
· Must be able to accurately communicate ideas in written and verbal communication.
· Must be able to travel to support position requirements.
· Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others.
· Must comply with all “drug free workplace” requirements as mandated by directives issued by the appropriate federal contracting officer and the company, which requires drug testing for use of illegal drugs by employees in sensitive positions.
· Government security clearance may be required in the future.
· Must maintain a positive work atmosphere by behaving and communicating in a manner that fosters good relations with customers, clients, co-workers, and management.
· Ability to work independently and be able to work collaboratively with cross-functional teams, including IT, Legal, and Cyber Security.
· Ability to communicate effectively with technical and non-technical stakeholders, including senior management and external auditors.
· Excellent attention to detail to identify potential security risks and ensure compliance with regulations.
· Commitment to continuous learning and staying up to date with industry trends and best practices.
Company offered Benefits for Full-Time Employees:
· 100% company-paid Health Insurance
· 100% company-paid Dental Insurance
· 100% company-paid Vision Insurance
· 100% paid $50,000 Life & AD&D Insurance coverage
· 3 weeks (120 hours) paid vacation time per year (pro-rated 1st year of employment).
· 1 week (40 hours) paid sick time per year (pro-rated 1st year of employment).
· Free personal business laptop and supplies.
· Birthday – (8 hours) paid time off.
Company offered Employee Benefits for All Employees:
· Tuition Reimbursement for Industry Certifications requested by company.
· Company-supplied break-room snacks, coffee, and water.
· Company sponsored team gatherings and employee appreciation events.
· Free on-site parking.
· At cost electronic equipment and supplies for employees.
· Discounted electronic equipment and supplies for family members.
· Individualized goal plans.
· Company-supplied logo work apparel.
· Adjustable stand/sit desks.
· Onsite office dog.
· Onsite break room with refrigerator, freezer, and microwave
· Secluded quiet desk to take business calls away from tech room.
· Resting area for breaks and lunches.