Summary
Oversee the execution of our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DoD) and customer contractual requirements. This position interacts with both technology and business leaders across the organization. Assess information technology risk, policies and system settings to verify that controls are effective, or are remediated until they are. Lead alert investigations and incident response efforts. Report confirmed incidents to leadership and compliance organizations.
Duties and Responsibilities
- Perform annual IT security audits and self-assessments against DFARS requirements.
- Manage the company's POA&M (Plan of Action and Milestones) and run projects to mitigate the identified gaps.
- Respond to customer cybersecurity questionnaires.
- Manage, edit and update IT policies and procedures and ensure compliance company-wide.
- Verify the current configuration of IT security systems against policy, document any inconsistencies, and lead remediation efforts.
- Ensure that the organization complies with external regulations and internal policies.
- Manage the IT alerting system and develop mitigation standards based on alert type; train other IT staff members on the process.
- Conduct regular audits and risk assessments and follow up with mitigation plans.
- Stay current on required compliance programs and their changing rules.
- Manage and update the cybersecurity plan to identify needs and implement comprehensive security controls using multi-layered security and defense in depth.
- Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated into their ongoing operations.
- Ensure system security through vulnerability management, system patching and secure configuration policies.
- Verify that network security is implemented through segmentation, firewall zoning and ACL policies, as well as secure configurations of firewalls, routers, switches, VPNs and load balancers.
- Set corporate policies for endpoint security management to prevent malware and insider threats.
- Monitor the SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise.
- Keep security plans and documentation (such as disaster recovery plans and security policies) up to date, and create internal operating procedures that support and enforce those policies in order to ensure the availability, integrity and confidentiality of assets and data.
- Lead tabletop exercises that simulate disasters, breaches and similar events.
- Contribute to IT status reports and presentations.
- Oversee, develop and deliver compliance training to the workforce; educate and coach internal technology teams on technology risk, audit and control principles.
Skills and Specifications
- Project management and team leadership
- Knowledge of relevant laws, regulations, and standards
- Strong analytical and problem-solving skills
- Exceptional communication and presentation skills with diverse audiences
- Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
- Experience with Threat Hunting utilizing major IT security products
- Strong understanding of NIST risk assessment and incident response standards
- Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL
- Ability to perform and analyze packet captures
- Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
- Ability to present and explain security and risk information in terms business executives can understand and act on
- Experience with incident tracking, change management and project tracking systems such as ServiceNow
- Ability to identify risks associated with business processes, operations, information security programs and technology projects.
- Ability to develop working relationships with the business, and a broad understanding of business processes in order to translate technical issues into business-related decision points.
Education and Qualifications
- Bachelor's degree in a computer-related field or a project management curriculum.
- Experience with most of the following:
  - NIST, ISO, GDPR, PCI DSS and/or related frameworks
  - Security compliance program monitoring and reporting
  - Cybersecurity knowledge with relevant experience with tools such as firewalls, IPS/IDS, endpoint protection, web filtering, spam filtering, vulnerability scanners, SIEM, etc.
  - Proven knowledge of the program management lifecycle, and skilled at project management
  - Supporting enterprise-wide security compliance programs designed to anticipate, assess and minimize control gaps and audit findings
  - Practical experience supporting Sarbanes-Oxley (SOX) and/or J-SOX compliance
  - General knowledge of EU, US and other regional privacy and financial regulations
- This position involves working with technologies and information which are subject to U.S. export control regulations. Under these regulations, Toray Composites must review certain candidate information including citizenship, basis of United States work authorization and country of origin. This information would be used for export control screening purposes only.
Compliance with US Export Control Regulations: This position requires use of information which is subject to the International Traffic in Arms Regulations (ITAR) and/or the Export Administration Regulations (EAR). In order to comply with these regulations, applicants for employment must be a "U.S. Person" as defined by the ITAR and/or EAR. The definition of "U.S. Person" includes a U.S. citizen or national, a U.S. permanent resident, or a person lawfully admitted into the U.S. as a refugee or granted asylum.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Job tasks are usually performed in an office environment.
Position requires the ability to read, write, speak and understand English at a level necessary to successfully perform assigned responsibilities. Ability to utilize/operate a computer, peripheral equipment and appropriate software. Ability to perform basic mathematical computations (add, subtract, multiply, divide) and to understand and apply work specifications in the completion of work tasks. The ability to hear, speak, use hands/fingers and the repetitive motions of hands/wrists are frequent. Ability to occasionally lift up to 40 pounds. Ability to move within the production area and occasionally climb stairs. Vision abilities require the adjustment and focus of sight. Ability to wear Personal Protective Equipment as required. Must be able to perform the essential functions of the position with or without accommodation.
Benefits
Health care coverage starts on the first day of the month after the hire date.
- Medical and RX- Blue Cross/ Blue Shield (HSA Plan-Gold Plan-Silver Plan)
- Vision Coverage- VSP
- Dental Coverage – Delta Dental (Low Plan or Buy-up Plan)
- Flexible Spending Accounts (FSA)
- 80 Hours of Vacation Time Off annually to start (granted)
- 64 Hours of Personal Time Off annually (accrued)
- 3 Paid Floating Holidays Annually (employee can schedule at their choice)
- 8 Paid Company Recognized Holidays
- Life Insurance- pays your beneficiary twice your annual salary
- Accidental Death & Dismemberment Insurance- pays your beneficiary twice your annual salary
- Short/Long Term Disability
- Voluntary Supplemental Life Insurance
- Toray Corporate Perks
- John Hancock 401(k): CMA matches 50% of the first 8% of your contribution
- Service Awards @ 3, 5, 10, 15, 20, 25 and 30 years
- Recognition Awards
- Annual Discretionary Bonus Program