CMMC Information Security Expert North America
About The Position
This position is responsible for the continuous technical and process development and implementation of the security requirements, based on the NIST 800-171 and DFARS in accordance with CMMC. These requirements must be implemented and maintained for four manufacturing sites: Valencia, CA, St. Marys, PA, Arkadelphia, AR, and Sinking Springs, PA. This position will functionally report to the Head of Information Security in Germany and legally to the Head of Shared Services NA. The role requires the ability to present and discuss on a management level, with at least five years of experience in technical and organizational information security and a good knowledge of NIST 800-171, DFARS, CMMC, and ISO 27001. The incumbent will be responsible for making and keeping the described sites CMMC compliant throughout the entire implementation phase and afterwards.
Requirements
- University Degree in IT or comparable, specialized professional experience
- 5 years of experience in Information Security
- Experience in Information Security Consulting
- Deep analytic skills for complex technical and organizational topics
- Experience with Export Controlled information, ITAR and CUI
- Strong communication and training skills
Nice To Haves
- Experience in production related IT (OT)
Responsibilities
- Risk Assessment and consulting of IT and production departments on all information security related technical requirements
- Ensuring the required level of security in line with SGL's high requirements in the context of IT projects
- Definition of security-relevant framework parameters for technical solutions
- Implementation and continuous improvement of the information security management system (ISMS) following ISO 27001 standards including processes, requirements, regulations and leading documents
- Integration and enforcement of Information Security Policies and exception evaluation
- Identify and maintain legally binding requirements and ensure secure implementation and compliance during implementation and operation of IT equipment in any kind or form
- Self-reliant and independent leading and processing of projects regarding time, scope and budget
- Planning and execution of external supplier/certification audits (CMMC) and internal compliance audits to policies
- Developing and execution of security trainings for SGL employees in the US
- Coordination and support of the policy compliant implementation of information security relevant access controls (NAC 802.1X, Firewall Changes, FIPS 140, Web Access, Cloud authentication and authorization (Conditional Access, ADFS, MFA, BYOD, etc.))
Benefits
- Medical and Prescription Drug coverage
- Dental insurance
- Vision insurance
- Employee Assistance Program (EAP)
- Flexible Spending Account (FSA)
- Health Savings Account (HSA)
- Basic Life and AD&D (Accidental Death & Dismemberment) insurance
- Short Term and Long Term Disability insurance
- Voluntary Spouse Life insurance
- Voluntary Child Life insurance
- 401k Savings Retirement Plan with employer match
- Vacation days
- Paid Holidays
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
