Cyber Security Program Manager

Graham And Co
Batavia, NY
30d
$90,000 - $145,000

About The Position

The Cyber Security Program Manager develops and manages the cybersecurity program at Graham. This position identifies and mitigates cyber risks by creating a holistic framework. Job duties include policy and procedure creation and management, risk assessments, management of cyber security and education programs, and creation of compliant CMMC, NIST 800-171, NN801-rev5, PCI, ITAR, EAR programs. This position drives overall risk down by developing a security operations plan built around best practices and frameworks.

Requirements

  • Degree in computer science or cybersecurity or applicable work experience
  • Strong cybersecurity or computer forensics background
  • Working knowledge of RMF, CMMC, NIST, ITAR, EAR, PCI, NNPI/NOFORN (NN801-REV 5) and other security frameworks
  • Proficient in Microsoft Office software products
  • Possession of or ability to obtain CISSP certification within 2 years of taking position
  • Possession of, or ability to obtain within 1 year, an active security clearance
  • Ability to work efficiently with many different types of people, skill levels, and personalities
  • Demonstrate behavior consistent with company values.
  • Maintain strict confidentiality regarding company matters.
  • Proficiency in word processing, spreadsheet, presentation, project management, enterprise resource planning, database software.
  • Ability and willingness to abide by set policies and/or safety programs established by Graham, our clients, and/or regulatory agencies which govern our performance and behavior in the normal course of our work while on Graham or the client's property or job site.
  • Excellent written and verbal communication skills.
  • Strong organizational and time management skills.
  • High attention to detail.
  • Ability to successfully plan and implement objectives within established timelines and work schedules.
  • Ability to analyze problems and develop effective solutions at both strategic and functional levels.
  • Develop strategies to achieve organizational goals; Understand organization's strengths and weaknesses; Analyzes market and competition; Identifies external threats and opportunities; Adapts strategy to changing conditions.
  • Ability to work independently, with minimal direction as a highly motivated self-starter and within a team oriented culture.
  • Must be a U.S. citizen.
  • Must be able to obtain US government security clearance if required.

Nice To Haves

  • Experience working directly with business end-users preferred.
  • System administration background
  • IT auditing & compliance
  • Strong written and verbal communication skills
  • Ability to manage other people and projects
  • Strong security or IT operations background
  • Experience with EMASS, DISS, NISS, NBIS or other

Responsibilities

  • Develop cyber education and training programs
  • Develop Cybersecurity policies, procedures, and processes
  • Manages all requirements for cyber reporting of incidents with the IT Manager
  • Develop and manage requirements around pen testing and other cyber threat testing
  • Validates security and configuration of third party software, when needed
  • Designs and implements Vendor Risk Management program
  • Defines and manages tools needed for E-discovery and computer forensic needs
  • Configures GRC tool and monitoring plans to support any audits
  • Management of security and requirements and RMF configurations of systems
  • Management of documenting and submitting systems in E-Mass, either directly or as advisor to other security staff
  • Management of Security Training program to support classified systems
  • Management of training and support of IT security staff for classified systems
  • Support the FSO as AFSO if needed
  • Research/procurement/creation/monitoring/improvement of technology, systems, equipment & processes
  • Recommends mitigations for insider threat risks
  • Determines and manages security software evaluations and implementations to support the cyber program
  • Hands on implementation of security software, tools, or processes
  • Develop, lead, staff, and manage a high-performing team
  • Lead compliance efforts for CUI and NNPI processing
  • Lead CMMC compliance and certification efforts
  • Lead NN-801-Rev5 compliance
  • Lead NIST 800-171 requirements
  • Manage internal and external audits and certifications
  • Update cyber scores in SPRS, Exostar or other government required systems
  • Lead Cyber security projects and team members
  • Leads internal and external audit teams for all compliance
  • Create a robust incident response team and processes, including the creation and execution of regular tabletop exercises and playbooks
  • Develop and present cyber security and risk management presentations to senior management and board members, as needed
  • Develops training materials and trains other staff
  • Reports incidents to DCSA, NCIS, FBI, DIBNET and others, as needed
  • Logs incidents into government systems for review
  • Manages cyber insurance evaluations and determines best path for reducing risk and keeping coverages
  • Takes lead in maintaining or developing IT processes
  • Project management
  • Software evaluation
  • System administration, if needed
  • Custom programming, if needed
  • Performs other related duties as required and assigned