Manager, Information & Cyber Security

Westerville Office, United States

Kokosing (www.kokosing.biz) is one of America's 60 largest General Contractors and services a broad spectrum of clients in both the private and public business sectors. Kokosing's services include heavy civil/industrial construction such as highways, bridges, underground utilities, water/wastewater facilities, and marine construction. For 70 years, Kokosing has successfully attracted the most qualified technical personnel in the construction industry by offering visible challenges, superior quality, and attractive rewards. With over $1.5 billion in annual sales and a commitment to its workforce, Kokosing is the winning team.

Job Description:

The Manager, Information & Cyber Security will lead the development and enforcement of a comprehensive security program, ensuring protection of critical systems, data, and assets. This role focuses on compliance with CMMC and NIST 800-171r2, and on managing security for both cloud computing assets, including Microsoft Commercial and GCC tenants, and on-prem assets. Additionally, the position oversees enterprise-wide security governance, risk management, compliance (GRC), and data privacy initiatives. The ideal candidate combines technical expertise, leadership skills, and regulatory knowledge to safeguard the enterprise while enabling operational excellence.

Key Responsibilities:

Information & Cyber Security Program Management

  • Maintain and mature security strategies to meet CMMC, NIST 800-171r2, and other regulatory standards.
  • Oversee the deployment of security controls for data protection, intellectual property, and critical business functions.
  • Establish and enforce enterprise-wide security policies, standards, and procedures.
  • Conduct security risk assessments, manage vulnerabilities, and prioritize remediation efforts.
  • Maintain security documentation, including System Security Plans (SSPs) and risk registers.

Enterprise Risk Management & Compliance

  • Lead enterprise-wide risk assessments and develop mitigation strategies.
  • Integrate security governance into business processes and IT initiatives.
  • Serve as the SME for compliance frameworks, including CMMC, NIST 800-171r2, and CIS.
  • Implement third-party risk management programs to assess vendor security postures.
  • Prepare for and lead audits and assessments, ensuring readiness and addressing findings.
  • Collaborate with legal, human resources, and business teams to align cybersecurity with contractual and regulatory requirements.

IT Security Management

  • Work with the Infrastructure team to configure security controls within both cloud and on-prem environments.
  • Manage IAM, MFA, conditional access policies, and role-based access controls in a hybrid IAM environment.
  • Monitor security events, investigate incidents, and lead response efforts.
  • Implement data protection solutions, including encryption and Data Loss Prevention (DLP).
  • Partner with IT teams to enhance endpoint, network, and cloud security initiatives.
  • Communicate cybersecurity risks and strategies to leadership.

Incident Response & Threat Management

  • Maintain and execute the organization's incident response plan.
  • Oversee threat intelligence efforts to identify and mitigate risks proactively.
  • Conduct post-incident reviews to strengthen security defenses.
  • Develop business continuity and disaster recovery (BC/DR) frameworks.

Team Leadership & Continuous Improvement

  • Mentor cybersecurity professionals, fostering a culture of security awareness.
  • Stay updated with evolving threats, compliance standards, and cybersecurity technologies.
  • Identify and implement best practices to enhance security maturity.

Qualifications:

Required:

  • Bachelor’s degree in Cybersecurity, IT, or related field (or equivalent experience).
  • 5+ years of information security experience, including compliance-focused roles.
  • Expertise in Microsoft environments, including security features in Microsoft 365 and Entra ID.
  • Strong knowledge of security frameworks (CIS Controls, NIST CSF, COBIT).
  • Experience with risk assessments, governance, and compliance audits.
  • Proven leadership and team management skills.
  • Excellent communication and project management abilities.

Preferred:

  • Knowledge of CMMC, NIST 800-171r2, ISO 27001, HIPAA, and SOX.
  • Experience with hybrid cloud security controls.
  • Relevant certifications (e.g., CISSP, CISM, CISA, CRISC, CCP, MS-500, AZ-500).
  • Proficiency in security tools (SIEM, EDR, DLP, vulnerability management).

Work Environment:

  • Full-time, on-premises role.
  • Availability to respond to critical incidents and participate in on-call rotation.
  • Collaboration with executives, IT, compliance, and legal teams in a fast-growing enterprise environment.

Kokosing is an equal employment opportunity/affirmative action federal and state contractor. The company does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected class.

Category: Leadership Jobs

Tags: Audits CISA CISM CISSP Cloud CMMC COBIT Compliance CRISC EDR Encryption Governance HIPAA IAM Incident response Industrial ISO 27001 NIST Privacy Risk assessment Risk management SIEM SOX System Security Plan Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: North America
Country: United States
