Technical Program Manager – GRC
| Company | True Anomaly |
|---|---|
| Location | Long Beach, CA, USA; Washington, DC, USA; Colorado Springs, CO, USA; Denver, CO, USA |
| Salary | $110000 – $200000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |
Requirements
- 7+ years of directly related experience in IT security assessment; experience as an ISSM or ISSO is a plus.
- Demonstrated understanding of NIST SP 800-171, NIST SP 800-53, ISO 27001, SOC2 security requirements.
- Ability to verify and document the implementation of security controls necessary to achieve compliance.
- Experience building and rolling out compliance policies.
- Experience authoring corporate security policies (e.g., privacy, data, and records retention) and enterprise security.
- At least 5 years of experience developing security standards, guidelines, and remediation plans based on industry best practices.
- Comprehensive understanding of incident response, system configuration, vulnerability management, and hardening guidelines within the DoD context.
Responsibilities
- Implement robust security policy and procedures across True Anomaly’s systems and platforms.
- Conduct information technology compliance assessments across various frameworks, including but not limited to:
  - NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012)
  - NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations
  - Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework, CSF)
  - Cybersecurity Maturity Model Certification (latest version)
  - SOC2, ISO 27001, and ISO 27017 requirements
- Review and develop System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
- Develop and maintain an Information Security Risk Management program.
- Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recovery, and Security Assessments.
- Keep management apprised of impending areas of concern, verbally and in writing.
- Develop new, and mature existing information security and enterprise risk policies.
- Initiate and lead ongoing information security maturity assessments and training using industry-accepted frameworks, and integrate the results into the overall cybersecurity posture.
- Produce and review key performance indicators for implemented security measures and distribute KPIs.
- Conduct internal audits to ensure unwavering adherence to DoD compliance standards.
- Collaborate with software engineers to fortify software and resolve vulnerabilities.
Preferred Qualifications
- Experience as an ISSM or ISSO a plus.