Cyber Security Program Manager

Batavia, NY, US

Graham Manufacturing

Graham is a leading designer and builder of vacuum and heat transfer equipment for engineering process industries world-wide.


Description

Job Title: Cyber Security Program Manager / CISO

Reports To: Sr. IT Manager 


Position Summary:

The Cyber Security Program Manager develops and manages the cybersecurity program at Graham. This position identifies and mitigates cyber risks by creating a holistic framework. Job duties include policy and procedure creation and management, risk assessments, management of the cybersecurity and security education programs, and creation of programs compliant with CMMC, NIST SP 800-171, NN-801-Rev5, PCI, ITAR and EAR. This position drives overall risk down by developing a security operations plan built around best practices and established frameworks.


Key Results Areas:

Level III – Practice – Optimizing resources & utilization in an organization


Activity & Budget Planning/Performance/Consistency/Predictability


Cybersecurity Manager

  1. Develops cyber education and training programs
  2. Develops cybersecurity policies, procedures, and processes
  3. Manages all requirements for cyber incident reporting with the IT Manager
  4. Develops and manages requirements around penetration testing and other cyber threat testing
  5. Validates the security and configuration of third-party software, when needed
  6. Designs and implements the Vendor Risk Management program
  7. Defines and manages the tools needed for e-discovery and computer forensics
  8. Configures the GRC tool and monitoring plans to support audits

Classified Systems (If Cleared)

  1. Management of security requirements and RMF configurations of systems
  2. Management of documenting and submitting systems in eMASS, either directly or as advisor to other security staff
  3. Management of the security training program that supports classified systems
  4. Management of training and support of IT security staff for classified systems
  5. Support the FSO as AFSO if needed

Research/procurement/creation/monitoring/improvement of technology, systems, equipment & processes

  1. Recommends mitigations for insider threat risks
  2. Determines and manages security software evaluations and implementations to support the cyber program
  3. Hands on implementation of security software, tools, or processes  

Develop, lead, staff, manage high performing team


CMMC/NIST 800-171/NNPI security lead

  1. Lead compliance efforts for CUI and NNPI processing
  2. Lead CMMC compliance and certification efforts
  3. Lead NN-801-Rev5 compliance
  4. Lead NIST SP 800-171 compliance
  5. Manage internal and external audits and certifications
  6. Update cyber scores in SPRS, Exostar or other government-required systems
  7. Lead cybersecurity projects and team members
  8. Lead internal and external audit teams for all compliance efforts
  9. Create a robust incident response team and processes, including the creation and execution of regular tabletop exercises and playbooks


Provide effective communication and reporting to all stakeholders

  1. Develop and present cyber security and risk management presentations to senior management and board members, as needed
  2. Develops training materials and trains other staff
  3. Reports incidents to DCSA, NCIS, FBI, DIBNET and others, as needed

Professional Development

  1. Logs incidents into government systems for review
  2. Manages cyber insurance evaluations and determines best path for reducing risk and keeping coverages
  3. Takes lead in maintaining or developing IT processes
  4. Project management
  5. Software evaluation
  6. System administration, if needed
  7. Custom programming, if needed
  8. Performs other related duties as required and assigned


Qualifications:

To qualify for this position, an individual must possess the knowledge, training, experience and abilities required.


Education and Training:

  • Bachelor's degree in computer science or cybersecurity or applicable work experience

Experience:

  • Strong cybersecurity or computer forensics background
  • Working knowledge of RMF, CMMC, NIST, ITAR, EAR, PCI, NNPI/NOFORN (NN-801-Rev5) and other security frameworks


Desired Job Qualifications:

  • Experience working directly with business end-users preferred.
  • System administration background 
  • IT auditing & compliance
  • Strong written and verbal communication skills
  • Ability to manage other people and projects
  • Strong security or IT operations background
  • Experience with eMASS, DISS, NISS, NBIS or other government systems


Skills:

  • Proficient in Microsoft Office software products
  • Possession of, or ability to obtain within 2 years of taking the position, the CISSP certification
  • Possession of, or ability to obtain within 1 year, an active security clearance
  • Ability to work efficiently with many different types of people, skill levels, and personalities
  • Demonstrate behavior consistent with company values.
  • Maintain strict confidentiality regarding company matters.
  • Proficiency in word processing, spreadsheet, presentation, project management, enterprise resource planning, database software.
  • Ability and willingness to abide by set policies and/or safety programs established by Graham, our clients, and/or regulatory agencies which govern our performance and behavior in the normal course of our work while on Graham or the client’s property or job site.
  • Excellent written and verbal communication skills.
  • Strong organizational and time management skills.
  • High attention to detail.
  • Ability to successfully plan and implement objectives within established timelines and work schedules.
  • Ability to analyze problems and develop effective solutions at both strategic and functional levels.
  • Develop strategies to achieve organizational goals; Understand organization’s strengths and weaknesses; Analyzes market and competition; Identifies external threats and opportunities; Adapts strategy to changing conditions.
  • Ability to work independently, with minimal direction as a highly motivated self-starter and within a team-oriented culture.


Physical and Mental Demands

The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Physical Demands: May be required to move items up to 60 pounds for distances of up to 10 feet. May be required to stand, stoop, bend, kneel and squat for extended periods. May be exposed to fumes or dust, toxic or caustic chemicals, outdoor weather, moving mechanical parts and moderate to loud noise levels. Must wear appropriate protective gear and clothing as necessary. Traveling between buildings will be required. Required to speak and communicate clearly with others.
  • Mental demands: While performing the duties of this position, the individual is required to read, write, analyze data and reports, exercise judgement, develop plans, procedures and goals, present information to others and work under pressure.
  • Work environment: This job operates in a clerical office setting and in the manufacturing spaces. This role routinely uses standard office equipment such as computers, phones, photocopiers and filing cabinets.


Work Authorization/Security Clearance

  • Must be a U.S. citizen. Must be able to obtain a US government security clearance if required.


This job description is not all-inclusive but rather serves as a general guideline of the current needs of the position and can be modified at the discretion of management to meet current business needs. Experience and education requirements are the primary basis for awarding this position; however, substitutions that are essentially equivalent may be made as they relate to the essential functions, duties, and responsibilities of this position.


Tags: Audits CISO CISSP Clearance CMMC Compliance Computer Science eMASS Forensics Incident response Monitoring NIST Pentesting Risk assessment Risk management RMF Security Clearance Strategy
