Cybersecurity Project Manager

Carrier is the leading global provider of healthy, safe and sustainable building solutions with a world-class, diverse workforce with business segments covering Commercial, Education, Healthcare, and Government facilities.  We make modern life possible by delivering safer, smarter and more sustainable products and services that make a difference to people and our planet while revolutionizing industry trends. This is why we come to work every day. Join us and we can make a difference together.

About this role

We are looking for a Cybersecurity Project Manager that can evaluate and implement cybersecurity measures using internal and external resources  while participating and contributing in a team environment.  In this role you will provide the specialized skills and experience required to support each project’s unique cybersecurity needs. NORESCO is product and technology agnostic - our diverse portfolio ranges from  HVAC controls, SCADA systems, automated Central Utility Plants, Cogeneration Systems, micro grids, Battery energy storage, and renewable and alternative power technologies.
 

Key Responsibilities

• Conduct project planning for cybersecurity/Risk Management Framework (RMF) activities, and develop a Cybersecurity plan to mitigate the risk and meet contract requirements.
• Define scope of work to meet client requirements for Cybersecurity and system authorization (with assistance from NORESCO Design Engineers and Cybersecurity consultants when appropriate)
• Coordinate RMF project efforts with project team and Cybersecurity consultant. Ensure RMF process schedule and milestones are maintained and support overall project schedule.
• Work in close collaboration with NORESCO project team groups including Development, Design, Construction, Commissioning, M&V, and O&M to integrate cybersecurity requirements into overall project design and schedule. 
• Conduct project inventories on NORESCO owned and maintained systems focusing on configuration integrity, software and firmware updates, and access credentials to ensure most recent and applicable security standards are satisfied.
• Assess contractual obligations for ongoing system administration (sysadmin) and maintenance, and work with NORESCO’s IT, Construction, and O&M teams to develop project specific policies and procedures to meet these obligations.
• Provide sysadmin and maintenance and/or oversight of sysadmin and maintenance activities for specific projects as assigned.
• Support development and continuous review/updating of NORESCO Cybersecurity policies. Attend Cybersecurity project meetings.
• Conduct Cybersecurity CUI handling and incident reporting training for NORESCO employees and subcontractors. Conduct RMF project training including Cybersecurity Kick Off Workshop, Project Security Training and Tabletop exercises (to be supported by Cybersecurity consultants).
• Assist with meeting requirements of Cybersecurity Maturity Model Certification (CMMC).

Basic Qualifications

• Bachelor’s Degree in Computer Engineering, Engineering or Computer Science
• 5 years of experience in Cybersecurity field and/or building and industrial controls systems

Preferred Qualifications

Other qualifications you may have that would be beneficial in this role include:

• Eligible to obtain government Common Access Card (CAC).
• Solid understanding of building automation / utility monitoring control systems.
• High level communication and project management skills.
• Strong sense of ownership, understands the importance of maintaining project schedules, resolving issues in a timely manner, and in consistently meeting deadlines and commitments.
• Knowledge and experience with Federal Government security processes and standards, including RMF and related NIST CSF.
• Knowledge and experience of U.S. commercial and Government standards, regulations, and codes (e.g., DoD Unified Facility Criteria, OSHA, NFPA, ASHRAE, NIST, DoDi, RMF, NERC CIP Cyber security, etc.).
• Project management experience (PMP certification preferred).
• Desire to build and maintain respectful and inclusive working relationships with individual project team members to foster an environment of cooperation and productivity.
• Robust combination of business acumen, risk management, and strategic thinking skills.
• Eligible to obtain federal security clearance.
• Certified Authorized Professional (CAP)
• Certified Advanced Security Practitioner (CASP+ CE)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP) (or Associate)
• GIAC Security Leadership Certification (GSLC)
• Certified Chief Information Security Officer (CCISO)

#LI-Remote

RSRCAR