Information And Cybersecurity Manager
Saalex Solutions
As the Security Manager, responsible for establishing and implementing an organizational Cyber and Information Security Program focusing on Governance, Risk and Compliance Management.- Monitor internal and external security regulations for compliance, including policy, procedures and security control implementation and assessment against established frameworks (ISO 27001, DFARS 252.204-7012, Cybersecurity Maturity Model Certification (CMMC), HIPAA, PCI-DSS, ITAR, and NIST).- Develop and maintain key policies, standards and guidelines as required for compliance (e.g., data classification and labelling, incident response plans, acceptable use, access control, etc.).- Developed a well-defined and comprehensive Incident Response Plan and ensured the IRP was regularly tested throughout the organization. - Prepare, present and communicate relevant information regarding the state of the Cybersecurity Program with executive leadership and business unit directors.- Participate on the Change Management Board to advise and evaluate proposed IT changes and new technical security solutions and implement any security controls to mitigate the risk of operation to the company. - Continuously review and maintain the corporate System Security Plan and POAM for DFARS, NIST and CMMC compliance and security policies that cross regulation standards for efficiency. - Identify, link, prioritize, quantify and document findings from audits, self-assessments, and vulnerability scanning reports and document remediation/corrective actions to improve security in a POAM and track remediation progress with milestone status updates.- Continuously monitor, track key performance metrics and periodically re-test security controls and supporting auditable artifacts for effectiveness over time.- Develop, maintain, contribute to, and socialize policies and procedures throughout all corporate echelons and at all office locations on the importance of cyber and information security.