Compliance Manager (Information Security)

Sterling Computers Corporation, North Sioux City, SD

About The Position

The Compliance Manager (Information Security) will be an integral part of the Legal & Compliance (L&C) Department and responsible for the company’s information security compliance requirements. The Compliance Manager will be responsible for supporting the management and completion of key information security compliance projects, providing guidance to business units, performing internal audits and self-assessments, and strategically connecting and driving implementation of the Company’s information security compliance initiatives at all levels of the organization. The Compliance Manager will play a key role in strengthening the information security compliance programs and supporting the Company’s growth by working on a wide array of information security and other compliance activities in a fast-paced environment, while ensuring corporate guidelines are consistently met. The Compliance Manager may also serve as the Insider Threat Program Official (ITPO) and Facility Security Officer (FSO)/Assistant Facility Security Officer (AFSO) as assigned. The Compliance Manager will report to the Vice President of Legal and Compliance with a dotted reporting line to the Sr. Director of IT.

Requirements

  • The Compliance Manager must have a minimum of ten (10) years’ experience in supporting information security compliance functions.
  • The Compliance Manager must have proven experience working with the National Industrial Security Operating Manual (NISPOM) and key information security frameworks relevant to government contracting and the IT industry such as: ISO 27001:2002, CMMC 2.0, NIST 800-171 revision 2, NIST 800-171 revision 3.
  • The Compliance Manager must have an active Top Secret/SCI security clearance.
  • Proficient understanding of key information security frameworks such as: ISO 27001:2002, CMMC 2.0, NIST 800-171 revision 2, NIST 800-171 revision 3.
  • Strong attention to detail, high level of reading, analytical, and problem-solving skills, ability to learn new concepts quickly, and ability to pivot and communicate efficiently and effectively at a high level to leadership teams.
  • Ability to develop and maintain knowledge of an organization’s operations, corporate values, and business goals, and of the compliance landscape as it pertains to the Company, and ability to use that knowledge to anticipate, identify, analyze, and address business and liability opportunities and risks as they pertain to the company.
  • Ability to identify, analyze, and provide guidance on where coordination, guidance, review, and approval are needed from external advisors and from other internal departments and stakeholders of the Company.
  • Ability to review, understand, evaluate and provide guidance on large, complex projects and a variety of other initiatives based on corporate guidelines and input from various stakeholders of the Company.
  • High degree of initiative, organization and prioritization in approach to professional responsibilities, including dependability and timeliness, and ability to work independently with minimal supervision.
  • Proficient understanding of professional ethics, business sensitivities and confidentiality, and ability to manage professional responsibilities with integrity and discretion.
  • Personal aptitude to thrive in a dynamic, fast-paced environment, and to manage multiple, concurrent responsibilities and competing demands with sound judgment and diplomacy.
  • Strong communication skills (verbal and written), and ability to work and communicate effectively with all levels of the Company, and ability to generate awareness, deliver training and guidance, and drive engagement and adoption of policies, processes and initiatives.
  • Ability to sit at a desk and work on a computer for prolonged periods, and ability to utilize and manage Microsoft Office products and other office programs and tools.

Nice To Haves

  • Ideally the candidate will also possess a Certified Information Systems Auditor (CISA) certification.

Responsibilities

  • Administer and execute day-to-day security activities such as personnel clearance processing, ITSM program reviews, and fielding regular information security requests and inquiries from colleagues.
  • Implement, manage, and support the company’s information security systems, processes, and compliance programs to meet requirements.
  • Monitor, assess, and modify systems to ensure continual improvement and address changing requirements.
  • Prepare for, coordinate, participate in, and help execute internal and external audits.
  • Assist in the development, measurement, and reporting of key metrics to drive conformance, efficiency, and continual improvement and collection of evidence of conformance.
  • Assist in generating awareness and driving engagement and adoption of policies, initiatives, and other guidelines including insider threat training, CUI protection and safeguarding awareness, and cleared personnel security briefings.
  • Serve as subject matter expert on applicable information security requirements and the company’s information security systems, processes, and compliance programs for proper administration, maintenance, and oversight of information security activities across the company.
  • Assist in the preparation and maintenance of information security and other compliance documentation.