We are seeking a detail-oriented and proactive IT Compliance and Security Administrator to join our team. The successful candidate will be responsible for conducting regular audits to ensure compliance with NIST 800-171 and other relevant standards, implementing and maintaining IT security policies and procedures, and preparing documentation related to compliance activities. They will monitor and manage managed security service provider (MSSP) activities regarding security systems, conduct risk assessments, and develop risk mitigation strategies. The role involves coordinating with third-party vendors for regular penetration tests, analyzing test results, and managing remediation plans.
Additionally, the administrator will implement AI security measures, stay updated on security trends, train and mentor colleagues, deploy security awareness training, and manage security incidents. They will collaborate with acquisition teams during due diligence, work closely with various departments to ensure security compliance, and integrate best practices into departmental processes. Strong interpersonal, communication, and business knowledge are essential for this role.
Job Responsibilities
- Part of a team responsible for the roll-out of NIST cybersecurity standards, including the development and execution of implementation plans tailored to the organization's needs.
- Conduct regular audits to ensure compliance with NIST 800-171 and other relevant standards.
- Implement and maintain IT security policies and procedures in alignment with compliance requirements.
- Prepare and maintain documentation related to compliance activities and audits.
- Monitor and manage MSSP activities regarding the application and implementation of security systems, including firewalls, intrusion detection/prevention systems, and antivirus solutions.
- Conduct risk assessments to identify vulnerabilities and recommend remediation actions.
- Develop and implement risk mitigation strategies and controls.
- Work with third-party vendors to conduct regular penetration tests.
- Analyze penetration test results and provide detailed reports with recommendations for improving security posture.
- Develop and manage the activities of a comprehensive remediation plan based on test findings.
- Implement and oversee AI security measures to protect against threats to machine learning models and ensure the integrity and confidentiality of AI-driven systems and data.
- Stay updated with the latest security trends, technologies, and best practices.
- Train, mentor, and work closely with colleagues to promote and ensure adherence to security best practices, fostering a culture of continuous learning and vigilance within the organization.
- Deploy security awareness training campaigns via our platforms and ensure employee participation.
- Monitor and report on security incidents and breaches.
- Coordinate response efforts and manage security breaches effectively.
- Collaborate with acquisition teams during the due diligence and integration phases of an acquisition to ensure security compliance is met and maintained throughout the process.
- Work closely with all departments, including Accounting, HR, and Safety, to ensure security compliance and integrate security best practices into departmental processes. Strong interpersonal and communication skills, coupled with a solid understanding of business operations and needs, are essential for effectively collaborating with diverse teams.
Requirement
- Experience with NIST 800-171 implementation and certification is required.
- Ability to obtain necessary security clearance in compliance with NIST 800-1714-8
- Bachelors degree in information technology, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, or CISA are highly desirable.
- Minimum 4-8 years of experience in IT security and compliance roles.
- Strong knowledge of security standards and frameworks (e.g., NIST 800-171, ISO 27001, etc.).
- Experience with security tools and technologies (e.g., firewalls, IDS/IPS, SIEM).
- Proficiency in analyzing penetration test results and managing remediation plans.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Project management experience with the ability to lead and manage multiple projects simultaneously.
- Ability to work independently and as part of a team.
- A genuine willingness to learn and stay updated with technological advancements.
- Must be a US citizen
Working Conditions:
- In-office position with some flexibility, allowing for occasional remote work when needed.
- This role may require travel to remote facilities as needed.
- The role may require occasional weekend or evening work to provide support during non- business hours.
- The job may involve sitting for extended periods and using a computer while maintaining strong documentation practices, a friendly and professional attitude, and some travel to support sites within the area as necessary.