Cyber and Data Security Manager at ERG

Alexandria, Virginia, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Government Contracting, Research and Consulting

Requirements

  • Bachelor’s degree in computer science, Cyber / Information Security, or a related field
  • 10+ years working in IT security operations, including a minimum of 3 years in a Corporate IT environment, in a hands-on role dedicated to information security compliance, systems security, IT risk management, IT audit, or similarly related
  • Minimum of 10 years working in IT security operations including 3+ years of hands-on experience implementing and maintaining controls under NIST SP 800-171 (CMMC Level 2) within a U.S. Government contractor environment where CUI is processed
  • Must be able to obtain/maintain US DOD Security Clearance
  • Experience in recommending and implementing policies and procedures to ensure adherence to security standards, including the requirements of NIST SP 800-171 and CMMC Level 2
  • Demonstrated hands-on experience with NIST 800-171 and ISO 27001 Controls
  • Experience performing security audits with specialized SIEM tools (i.e., CrowdStrike, Arctic Wolf, Microsoft Sentinel)

Responsibilities

  • Develop, maintain, and update comprehensive compliance documentation, including System Security Plans (SSPs) and Plans of Action and Milestones (POA&M), and implement policies, procedures, and other supporting artifacts to ensure adherence to security standards
  • Collaborate with both internal resources and external consultants and auditors to facilitate compliance reviews, assessments, and gap analyses
  • Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO)
  • Ensure that our information security assets, policies, and processes are reliable, available, provide confidentiality, and are generally safe from unauthorized use and intrusion
  • Provide day-to-day security support around the infrastructure and procedures used to protect and secure Controlled Unclassified Information (CUI), including ERG’s related computer systems, data, and network
  • Perform risk analysis on threats, security alerts, and other suspicious systems or network activity
  • Lead incident response efforts, including investigation, containment, and recovery
  • Identify and analyze existing processes and procedures to meet new IT Security goals and objectives
  • Evaluate security incidents to determine impact & escalate appropriately
  • Monitor, aggregate, label, and manage artifacts related to the Security Program assessment and external audits
  • Develop, document, and assist with implementing ISO 27001 and NIST/CMMC framework standards, procedures, processes, and guidelines
  • Plan and monitor security measures for the protection of computer systems, networks, and information, including the use of Security Information and Event Management (SIEM) products
  • Develop and deliver cyber-related training programs for employees and stakeholders
  • Provide security awareness training on recognizing and reporting potential indicators of external insider threats
  • Ensure integrity and security of company data
  • Support ERG’s Change & Configuration Control Board (CCB) through actions such as documenting change requests and participating in regular CCB meetings

Skills

NIST SP 800-171
CMMC Level 2
System Security Plan (SSP)
Plans of Action and Milestones (POA&M)
CUI security
IT security operations
compliance documentation
gap analysis
security assessments
C3PAO audits

ERG

Consulting for public health and environmental safety

About ERG

ERG focuses on consulting services aimed at enhancing public health, environmental safety, and worker health and safety. The firm provides specialized expertise to government agencies, communities, and businesses, helping them tackle complex challenges in these areas. ERG's services include assessing environmental and occupational hazards, ensuring food and drug safety, planning sustainable facilities, and improving worker safety. What sets ERG apart from its competitors is its commitment to inclusivity, particularly in working with small businesses that are disadvantaged, minority-owned, women-owned, veteran-owned, and service-disabled veteran-owned. This approach not only enriches ERG's expertise but also supports the growth of these enterprises. The goal of ERG is to create a positive impact by promoting fairness, equity, and social justice in all its projects and partnerships, ultimately leading to safer and healthier communities and workplaces.

Headquarters: Oslo, Norway
Year Founded: 1984
Company Stage: ACQUISITION
Industries: Consulting, Government & Public Sector, Social Impact
Employees: 201-500

Benefits

Health Insurance
Dental Insurance
Life Insurance
Disability Insurance
401(k) Retirement Plan
401(k) Company Match
Paid Vacation
Paid Holidays
Paid Sick Leave
Hybrid Work Options
Profit Sharing
Employee Assistance Program
Flexible Work Hours

Risks

Increased scrutiny on tire emissions may require more comprehensive analysis and strategies.
Collaboration with over 60 entities could lead to coordination challenges and delays.
Commitment to small businesses may expose ERG to financial risks if partners falter.

Differentiation

ERG specializes in environmental and public health consulting services.
The firm partners with diverse clients, including government agencies and small businesses.
ERG emphasizes social justice and equity in its projects and partnerships.

Upsides

Increased demand for environmental consulting due to awareness of non-exhaust emissions.
Expansion of government funding for environmental projects, as seen with the $85M EPA contract.
Growing interest in sustainable facility planning aligns with ERG's expertise.
