The Pasha Group is hiring: Cybersecurity Compliance Manager in San Rafael

Position at The Pasha Group

Job Summary

The Cybersecurity Compliance Manager develops, implements, and monitors enterprise cybersecurity compliance programs, policies, reporting, and practices to support operational resiliency and compliance with various cybersecurity standards such as ISO, NIST, CMMC, and DFARS as well as industry regulations such as USCG and IMO.

Primary Objectives

1. Identify, evaluate, and define technical and physical security requirements of applicable regulations and contracts.
2. Ensure compliance for ISO 27001, NIST 800-171, 800-53, CMMC, DFARS 7012, 7019, 7020, 7021, and other relevant frameworks.
3. Partner with Information Technology and business unit teams to implement program and process changes to meet compliance requirements.
4. Perform risk-based compliance testing of existing procedures and controls to identify, detect, and correct noncompliance.
5. Develop and deliver presentations, training, and communications related to compliance requirements.

Duties and Responsibilities

1. Develop, implement, manage, and monitor cybersecurity compliance programs in line with industry standards including International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and Defense Federal Acquisition Regulation (DFARS) as well as industry regulations such as United States Coast Guard (USCG) and International Maritime Organization (IMO).
2. Continuously monitor the organization's cybersecurity practices to ensure compliance with relevant frameworks and regulations.
3. Facilitate the implementation of corrective actions and improvements across the organization.
4. Conduct regular cybersecurity risk assessments on vessels, shore-based systems, and supply chain operations.
5. Collaborate with business unit leadership teams, Facility Security Officers, Terminal Operations teams, and Fleet Management to identify vulnerabilities, assess risk levels, analyze mitigation costs and recommend action plans.
6. Create and maintain cybersecurity policies, incident response plans, and disaster recovery procedures.
7. Align cybersecurity initiatives with broader organizational goals and operational needs.
8. Work closely with IT, Legal, HR, ESG, and other departments to address compliance issues.
9. Monitor implementation and adherence of best practices onboard vessels and in operational facilities.
10. Evaluate and monitor third-party vendors and contractors for cybersecurity compliance.
11. Collaborate with port authorities and industry partners to address shared cybersecurity concerns.
12. Respond to cybersecurity assessments and questionnaires as required by government agencies, business partners, and auditors.
13. Ensure timely and accurate communication and reporting to regulatory authorities.
14. Develop processes and procedures relating to controlled and classified governmental documents and information.
15. Perform 3rd party SaaS risk assessments.
16. Prepare and deliver risk assessment and gap analysis reporting and presentations for leadership teams.
17. Compile detailed reports on the status of cybersecurity compliance efforts.
18. Receive, review, and recommend responses to cyber threat intelligence from law enforcement and industry sources.
19. Other duties as assigned.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education

1. Bachelor's degree in Cybersecurity, Information Technology, or related field or equivalent combination of coursework and experience in a directly related field required.
2. Master's degree in a related field preferred.

Licenses and Certifications

1. Certified Information Systems Security Professional or similar certification required.
2. Transportation Worker Identification Credential (TWIC) required.
3. Ability to obtain and maintain U.S. Government Department of Defense security clearance required.

Work Experience

1. 5+ years of related Cybersecurity compliance experience required.
2. 5+ years experience with IT control frameworks, such as NIST-CSF, NIST 800-171, ISO27001, and PCI preferred.
3. Experience in the transportation/shipping industry strongly preferred.
4. Experience with US Coast Guard cybersecurity requirements for vessels and facilities preferred.

Required Knowledge, Skills and Abilities

1. Demonstrated knowledge of cybersecurity, compliance, and IT audit requirements.
2. Knowledge of maritime industry security regulations and frameworks.
3. Ability to read, interpret, and apply technical manuals, materials, and knowledge bases.
4. Ability to identify problems, evaluate alternatives and recommend effective solutions.
5. Demonstrated ability to drive projects, programs, and initiatives through all stages including research, analysis, planning, costing, development, proposal, implementation, and administration.
6. Ability to multi-task, manage priorities, and meet critical deadlines.
7. Excellent written, verbal, and interpersonal communication skills.
8. Demonstrated ability to maintain confidentiality with tact and discretion.
9. Demonstrated proficiency with Microsoft Office products at the following levels: * Word, Excel, PowerPoint: Intermediate level of skill; * Outlook: Advanced level of skill.

Competencies

1. Builds High-Performing Teams - Selects, organizes, and motivates colleagues to work together in a committed way to achieve a common mission and ensures a pipeline of talent for the future.
2. Delivers Results - Rigorously drives self and others to achieve high levels of individual and organization performance.
3. Engages & Inspires Others - Leads with energy, self-confidence and understanding in ways that motivate colleagues to achieve more than they thought possible.
4. Focuses on the Customer & Market - Continuously evaluates what is important to the customer/client and develops products or solutions that exceed expectations.
5. Makes Sound Business Decisions - Makes timely and well-informed decisions that advance critical priorities, capitalize on new opportunities, and resolve problems.
6. Partners Across Boundaries - Works collaboratively and effectively with colleagues throughout the company toward the common good of The Pasha Group.
7. Practices our Values - Supports and models The Pasha Way; conduct reflects Excellence, Honesty, Integrity, Innovation and Teamwork.

PHYSICAL DEMANDS, WORK ENVIRONMENT, AND TRAVEL

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Hear and speak with sufficient clarity to understand and engage in telephonic information exchange; hear and understand verbal instructions; give and receive information verbally in person or via communication device - Often.
2. Walk/travel within office environment, crouch/bend to access floor-level storage - Often.
3. Use hands/fingers to operate office equipment, type/complete data input, write - Often.
4. Reach with hands, arms; lift, move and manipulate objects weighing up to 20 pounds - Regularly.
5. Sight sufficient to read instructions, documents, and screen-based information - Often.
6. Use hands/fingers to manipulate and file documents, folders, small objects - Regularly.

Working Environment

This role requires work that may involve the following environmental conditions:

1. Corporate office environment.

Travel

Occasional. Must be able to travel independently to U.S. locations including Hawaii.

Screening Requirements

Background Checks.

Must be fully vaccinated against COVID-19, except as prohibited by law.

The information included in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive or exhaustive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.