Cyber Security Program Manager

About the position

The Cyber Security Program Manager develops and manages the cybersecurity program at Graham. This position identifies and mitigates cyber risks by creating a holistic framework. Job duties include policy and procedure creation and management, risk assessments, management of cyber security and education programs, and creation of compliant CMMC, NIST 800-171, NN801-rev5, PCI, ITAR, EAR programs. This position drives overall risk down by developing a security operations plan built around best practices and frameworks.

Responsibilities

• Develop cyber education and training programs
• Develop Cybersecurity policies, procedures, and processes
• Manage all requirements for cyber reporting of incidents with the IT Manager
• Develop and manage requirements around pen testing and other cyber threat testing
• Validate security and configuration of third-party software, when needed
• Design and implement Vendor Risk Management program
• Define and manage tools needed for E-discovery and computer forensic needs
• Configure GRC tool and monitoring plans to support any audits
• Manage security and requirements and RMF configurations of systems
• Document and submit systems in E-Mass either directly or as advisor to other security staff
• Manage Security Training program to support classified systems
• Support the FSO as AFSO if needed
• Research/procurement/creation/monitoring/improvement of technology, systems, equipment & processes
• Recommend mitigations for insider threat risks
• Determine and manage security software evaluations and implementations to support the cyber program
• Hands on implementation of security software, tools, or processes
• Develop, lead, staff, manage high performing team
• Lead compliance efforts for CUI and NNPI processing
• Lead CMMC compliance and certification efforts
• Lead NN-801-Rev5 compliance
• Lead NIST 800-171 requirements
• Manage internal and external audits and certifications
• Update cyber scores in SPRS, Exostar or other government required systems
• Lead Cyber security projects and team members
• Lead internal and external audit teams for all compliance
• Create a robust incident response team and processes including the creation and execution of regular tabletop exercises and playbooks
• Provide effective communication and reporting to all stakeholders
• Develop and present cyber security and risk management presentations to senior management and board members, as needed
• Develop training materials and train other staff
• Report incidents to DCSA, NCIS, FBI, DIBNET and others, as needed
• Log incidents into government systems for review
• Manage cyber insurance evaluations and determine best path for reducing risk and keeping coverages
• Take lead in maintaining or developing IT processes
• Perform project management, software evaluation, system administration, and custom programming as needed
• Perform other related duties as required and assigned

Requirements

• Bachelor's degree in computer science or cybersecurity or applicable work experience
• Strong cybersecurity or computer forensics background
• Working knowledge of RMF, CMMC, NIST, ITAR, EAR, PCI, NNPI/NOFORN (NN801-REV 5) and other security frameworks

Nice-to-haves

• Experience working directly with business end-users preferred
• System administration background
• IT auditing & compliance
• Strong written and verbal communication skills
• Ability to manage other people and projects
• Strong security or IT operations background
• Experience with EMASS, DISS, NISS, NBIS or other