R.E. Darling Company Inc. · 3 months ago
Cybersecurity Compliance Specialist
R.E. Darling Company Inc. is seeking a Cybersecurity Compliance Specialist to oversee the cybersecurity posture and compliance of their information systems. The role involves managing the Cybersecurity Maturity Model Certification (CMMC) and ensuring adherence to regulatory requirements while leading training and governance initiatives.
Aerospace, Industrial Manufacturing, Plastics and Rubber Manufacturing
Responsibilities
Provide governance and CMMC Program Management to ensure compliance to legal and regulatory requirements including dictated customer requirements
Maintain and update REDAR’s System Security Policy, Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies
Cyber Security/Disaster Recovery/Incident Response and Business Continuity Planning
Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training
Ensure continuous monitoring, logging, vulnerability scanning and system hardening
Collaborate with Information Technology & Systems Manager to manage Information System Security for CUI systems
Develop and execute a strategic roadmap to achieve and maintain CMMC Level 2 Compliance
Coordinate readiness assessments, gap analysis and remediation planning
Oversee implementation and maintenance of NIST SP 800-171 controls
Implementation and retention of IT policies, processes and systems required to satisfy CMMC (including NIST 800-171) compliance
Collaborate with business units to develop and implement processes & procedures to support regulatory and customer dictated security requirements
Provide evidence/supporting documents to attest to individual requirements of CMMC and NIST 800-171
Enter data required in Procurement Integrated Enterprise Environment (PIEE) for CMMC, Supplier Performance Risk System (SPRS), etc.
Coordinate with Registered Practitioner Organization (RPO) and Certified Third-Party Assessor Organization (C3PAO) to attain/retain CMMC certification
Annual attestation coordination
Primary liaison with Customers, Senior Leaders, Managers, Contracts/Exports Department and other internal employees as required regarding CMMC compliance and status
Collaboration with Supply Chain
Follow Up on Compliance status & questionnaires
Monitoring of CMMC related FAR/DFAR clauses
Develop and execute process to Audit departments and users for compliance
Current awareness of changing and upcoming security and compliance requirements
Review and update REDAR’s System Security Policy (SSP), Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies
Review and update System Security Plan (SSP) to reflect current requirements
Review and update Plan of Action and Milestones (POAM) to reflect current status for meeting/retaining CMMC certification
Review and update REDAR Information System Security (ISS) policies as required
Communicate revised requirements for the SSP, POA&M and related policies and train users on them
Review and update REDAR’s Incident Response Plan
Lead security incident response and reporting activities for in-scope systems
Respond to and oversee mitigation of threats in a timely manner per REDAR’s Incident Response Plan
Ensure best practices for security with least level of access required are employed
Stay abreast of current and trending threats by reviewing Cyber Intel provided by Managed Detection and Response (MDR) and/or Managed Service Security Provider (MSSP) as required
Collaborate with Information Technology & Systems Manager to implement and support requirements for qualification of Cybersecurity Insurance
Collaborate with Information Technology & Systems Manager to implement proactive solutions to protect against new threats as they become known
Oversee and direct company communication and education to provide user awareness of ongoing threats and risks
Ensure system patches/updates to operating systems & clients are implemented
Awareness of company data Backup, Disaster Recovery and Business Continuity Plans
Collaborate with the Information Technology & Systems Manager to develop security procedures and verify that appropriate procedures are in place to safeguard the systems from physical harm and viruses, unauthorized users and damage to data
Provide Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training
Develop and maintain training media for cyber security requirements, CUI and risk awareness
Train employees in cyber security requirements, CUI, risk awareness and company security policies
Onboarding
Annual
Ongoing current cyber threat awareness training
Ongoing training on revisions to REDAR’s Information Systems Security Policy (ISS) and related policies
Coordinate with contracted External Service Providers (ESP) for Managed Detection and Response (MDR), Managed Service Provider (MSP) and/or Managed Service Security Provider (MSSP) as required
Coordinate with Information Technology & Systems Manager and Network & Systems Administrator as required
Qualification
Required
This position will require access to ITAR and/or EAR controlled technical data, technology or source code, and requires that all individuals in this role be authorized to access such information
Bachelor's degree in Computer Science, Information Systems or a specialized cybersecurity program, which will provide foundational knowledge in network security, risk management, cryptography, and threat detection
Minimum three years' experience in the following areas:
Monitoring and remediating Cyber Security threats
Implementation and retention of corporate policies
Training employees on Cyber Security policies and awareness
Windows server administration
Microsoft Entra ID administration
Microsoft Office 365 & Exchange administration
Preferred
Previous employment with a Department of Defense Contractor preferred
Previous experience with CMMC and NIST 800-171 compliance preferred
Company
R.E. Darling Company Inc.
We are a rubber manufacturing company.
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase