Graham Corporation
Cyber Security Program Manager/FSO/ISSM
Graham Corporation, Batavia, New York, United States, 14020
Summary:
The Cyber Security Program Analyst develops and manages the cybersecurity at Graham. This position identifies and mitigates cyber risks by creating a holistic framework. Job duties include policy and procedure creation and management, risk assessments, management of the cyber security and education program, and creation of compliant CMMC, NIST 800-171, NN801-rev5 programs. This position drives overall risk down by developing a security operations plan built around best practices and frameworks.
Key Results Areas:
•CMMC/NIST 800-171/NNPI security lead
•Lead compliance efforts for CUI and NNPI processing
•Lead CMMC compliance and certification efforts
•Lead NN-801-Rev5 compliance
•Lead NIST 800-171 requirements
•Manage internal and external audits and certifications
•Update cyber scores in SPRS, Exostar or other government required systems
•Cybersecurity Manager
•Develop cyber education and training programs
•Lead Cyber security projects and team members
•Develop Cybersecurity policies, procedures, and processes
•Create a robust incident response team and processes including the creation and execution of regular tabletop exercises
•Manages all requirements for cyber reporting of incidents with the IT Manager
•Recommends mitigations for insider threat risks
•Develop and manage requirements around pen testing and other cyber threat testing
•Determines and manages security software evaluations and implementations to support the cyber program
•Validates security and configuration of third party software when needed
•Defines and manages tools needed for E-discovery and computer forensic needs
•Classified Systems
•Management of security and requirements and RMF configurations of systems
•Management of Documenting and submitting systems in E-Mass either directly or as advisor to other security staff
•Management of Security Training program to support classified systems
•Management of training and support of IT security staff for classified systems
•Support the FSO as AFSO if needed
•Reports incidents to DCSA, NCIS, FBI and others as needed
•Leads internal and external audit teams for all compliance
•Logs incidents into government systems for review
•Manages cyber insurance evaluations and determines best path for reducing risk and keeping coverages
•Develop and present cyber security and risk management presentations to senior management and board members as needed
•Develops training materials and trains other staff
•Takes lead in maintaining or developing IT processes
•Project management
•Software evaluation
•System administration if needed
•Custom programming if needed
•Performs other related duties as required and assigned
Education and Experience Required:
•Degree in computer science or cybersecurity or applicable work experience
•Strong cybersecurity or computer forensics background
•Working knowledge of RMF, CMMC, NIST and other security frameworks
•Proficient in Microsoft Office software products
•Possession of, or ability to obtain within 1 year, an active security clearance
•Possession of or ability to obtain CISSP certification within two years of taking position
•Ability to work efficiently with many different types of people, skill levels, and personalities
Desired Job Qualifications:
•Experience working directly with business end-users preferred.
•System administration background
•IT auditing & compliance
•Strong written and verbal communication skills
•Ability to manage other people and projects
•Strong security or IT operations background
•Experience with EMASS, DISS, NISS, NBIS or other
Working Conditions:
•Work may require evening and weekend work
•Traveling between buildings will be required
Skills:
To perform the job successfully, an individual should demonstrate the following competencies:
•Proficiency in word processing, spreadsheet, presentation, project management, enterprise resource planning, database software.
•Ability and willingness to abide by set policies and/or safety programs established by Graham, our clients, and/or regulatory agencies which govern our performance and behavior in the normal course of our work while on Graham or the client's property or job site.
•Excellent written and verbal communication skills.
•Strong organizational and time management skills.
•High attention to detail.
•Ability to successfully plan and implement objectives within established timelines and work schedules.
•Ability to analyze problems and develop effective solutions at both strategic and functional levels.
•Develop strategies to achieve organizational goals; Understand organization's strengths and weaknesses; Analyzes market and competition; Identifies external threats and opportunities; Adapts strategy to changing conditions.
•Demonstrate behavior consistent with company values.
•Ability to work independently, with minimal direction as a highly motivated self-starter and within a team oriented culture.
Physical and Mental Demands:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
•Physical demands: May be required to move items up to 60 pounds for distances of up to 10 feet. May be required to stand, stoop, bend, kneel and squat for extended periods of time. May be exposed to fumes or dust, toxic or caustic chemicals, outdoor weather, moving mechanical parts and moderate to loud noise levels. Must wear appropriate protective gear and clothing as necessary.
•Required to speak and communicate clearly with others.
•Mental demands: While performing the duties of this position, the individual is required to read, write, analyze data and reports, exercise judgement, develop plans, procedures and goals, present information to others and work under pressure.
•Work environment: This job operates in a clerical office setting and in the manufacturing spaces. This role routinely uses standard office equipment such as computers, phones, photocopiers and filing cabinets.
Work Authorization/Security Clearance:
•Must be able to work in the United States without sponsorship. Ability to obtain US government security clearance is required.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)