CMMC Compliance Manager / ISSO

GE Vernova-posted 22 days ago
Full-time • Mid Level
Findlay Township, PA
5,001-10,000 employees
Electrical Equipment, Appliance, and Component Manufacturing
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

We are seeking a highly motivated and detail-oriented CMMC Compliance Manager to ensure that our activities comply with the Cybersecurity Maturity Model Certification (CMMC) standards. The CMMC Compliance Manager will play a critical role in maintaining and enhancing our cybersecurity posture, ensuring that all processes, systems, and personnel meet the rigorous CMMC requirements. This role will also assume the duties of an Information System Security Officer (ISSO), focusing on ensuring the security, compliance, and authorization of critical federal agency information systems.

  • Develop and implement CMMC compliance strategies and policies to ensure that all research and development activities meet CMMC standards.
  • Conduct regular audits and assessments to identify and mitigate cybersecurity risks and vulnerabilities.
  • Collaborate with cross-functional teams, including IT, legal, and project management, to ensure CMMC compliance across all projects and initiatives
  • Provide training and guidance to employees on CMMC requirements and best practices.
  • Stay current with CMMC updates and industry trends and advise leadership on necessary adjustments to compliance strategies.
  • Prepare and maintain documentation required for CMMC certification and audits.
  • Work with external auditors and certification bodies to facilitate CMMC assessments and certifications.
  • Develop and maintain a CMMC compliance program that aligns with GE Vernova's overall cybersecurity strategy.
  • Ensure compliance with all applicable U.S. Government security regulations for information systems and networks under the NIST Risk Management Framework (RMF) process in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM).
  • Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance standards and regulations.
  • Conduct regular security audits and assessments.
  • Prepare, modify and review system security plans (SSP).
  • Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms).
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master's degree is a plus.
  • Professional certification in CMMC (e.g., CMMC Registered Practitioner, CMMC Provisional Assessor) is required.
  • Minimum of 6-7 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800-171, ISO 27001).
  • Strong understanding of cybersecurity principles, risk management, and compliance frameworks.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams.
  • Strong analytical and problem-solving skills, with the ability to identify and mitigate cybersecurity risks.
  • Familiarity with federal cybersecurity regulations and standards, particularly those relevant to the defense industries.
  • Ability to maintain a U.S. security clearance, prerequisite for clearance is U.S. citizenship.
  • Knowledge of security technologies, such as CCTV systems, access control systems, and cybersecurity tools.
  • Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800-171 and DFARS.
  • Familiarity with FAR, DFARS, ITAR, and EAR regulations and how they apply to CUI handling.
  • Experience developing and overseeing CUI programs to ensure compliance with federal regulations.
  • An active U.S. security clearance.
  • IAT Level II certification
  • Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS).
  • Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), classified computer operations, and experience with the technical configuration requirements for various operating systems.
  • Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational), within RMF packages.
  • Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling, and referral services.
  • Retirement benefits include the GE Retirement Savings Plan, a tax-advantaged 401 (k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants.
  • Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.
  • Available benefits include medical, dental, vision, and prescription drug coverage; access to Health Coach from GE Vernova, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services.
  • Retirement benefits include the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants.
  • Other benefits include tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service