Information System Security Officer (CMMC Compliance)
USA-CA Remote, United States
Full Time Clearance required USD 85K - 141K
Avantor
Avantor sets science in motion by enabling innovation across the life sciences and technology industries. Learn more about Avantor and its solutions.
The Opportunity:
Under general supervision, develop and execute security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Maintain hardware, software and network firewalls and encryption protocols. Administer cybersecurity policies to control physical and virtual access to systems. Perform network security audits and testing, and evaluate system security configurations to ensure efficacy and compliance with policies and procedures. Conduct penetration testing and vulnerability assessments of applications, operating systems and/or networks. Provide information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
THE OPPORTUNITY:
NuSil is seeking an Information System Security Officer to develop & administer a CMMC compliant information systems security program in support of our high-performance silicones business serving the Aerospace & Defense industries.
WHAT WE'RE LOOKING FOR (EDUCATION): Bachelor's degree with three years of Information Security or related experience. In lieu of a degree, an additional four years of applicable work experience may be substituted.
CERTIFICATIONS: CCP, CCA, CISSP, CISM or CISA preferred
EXPERIENCE: Must have detailed knowledge of Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800-171 with demonstrated experience in compliance assessment and risk management. Working knowledge of the National Industrial Security Program Operating Manual (NISPOM) and Defense Federal Acquisition Regulation Supplement (DFARS) preferred.
THOSE NECESSARY TO PERFORM THE JOB COMPETENTLY:
Must be a US Citizen
Must have and be able to maintain an Active U.S. Government security clearance.
Bachelor's degree (Information Security, Computer Science, or related field) with three years of Information Systems Security, Cybersecurity or related experience.
Demonstrated understanding of secure information system design, implementation and maintenance is required, along with strong knowledge of continuous monitoring and risk management/assessment practices.
Excellent verbal and written communication. Strong interpersonal skills as required to effectively collaborate with customers, cybersecurity professionals and fellow associates.
PREFERRED QUALIFICATIONS:
Bachelor’s degree in information security, computer science, or a related field.
Minimum of three years of experience in information security, with a focus on compliance and risk management.
Extensive experience with NIST SP 800-171 and CMMC requirements.
Strong knowledge of continuous monitoring and risk management/assessment practices.
Experience with System Security Plan (SSP) and Plan of Action & Milestones (POA&M) management.
Experience with Controlled Unclassified Information (CUI) data protection requirements.
Relevant certifications such as CCP, CCA, CISSP, CISM, or CISA are preferred.
Candidate must have and be able to maintain an Active U.S. Government security clearance at the Secret level with a background investigation date within the last 6 years.
Ability to obtain and maintain Special Access Program (SAP) approval within a reasonable period of time, as determined by the company to meet its business needs.
Possess understanding and working knowledge of the National Industrial Security Program Operating Manual (NISPOM) and Defense Federal Acquisition Regulation Supplement (DFARS)
Excellent analytical, problem-solving, and communication skills.
Ability to work independently and as part of a team.
Must be able to adapt to a fast-paced and challenging work environment and must demonstrate exceptional interpersonal and leadership skills.
Demonstrated positive working relationships with internal and external customers.
Ability to work independently and follow projects through to completion.
Ability to maintain flexibility to deal with changing priorities and deadlines.
HOW YOU WILL THRIVE AND CREATE AN IMPACT (MAJOR JOB DUTIES & RESPONSIBILITIES):
The Information System Security Officer (CMMC Compliance) is responsible for tracking, managing, and overseeing compliance with Cybersecurity Maturity Model Certification (CMMC) requirements. This role includes managing the System Security Plan (SSP), Plan of Action and Milestones (POA&M), conducting cybersecurity risk assessments, and ensuring the protection of Controlled Unclassified Information (CUI). The ideal candidate will have extensive experience with NIST SP 800-171, continuous monitoring, and risk management/assessment.
Develop and maintain policies and procedures required for CMMC compliance: track and manage CMMC compliance requirements, oversee the implementation and maintenance of CMMC controls, conduct regular audits and assessments to ensure compliance.
Develop, maintain, and update the System Security Plan (SSP), ensuring the SSP accurately reflects the current security posture and controls.
Develop and manage Plan of Action and Milestones (POA&Ms) to address identified information security gaps, tracking progress and ensuring timely remediation of security issues.
Develop and implement cybersecurity risk management strategies and controls, conducting regular risk assessments to identify and mitigate cybersecurity risks.
Ensure the protection of CUI in accordance with regulatory requirements via implementation and maintenance of access controls, encryption, and monitoring for CUI.
Support continuous monitoring programs to detect and respond to security incidents, ensuring timely reporting and resolution of security incidents.
Promote a culture of information security awareness and compliance within the organization, monitoring security training and awareness programs for employees.
Provide guidance on the appropriate classification markings for ITAR, EAR, CUI, FCI, and classified data.
Other duties as assigned.
Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.
Why Avantor?
Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.
The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.
We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!
Pay Transparency:
The expected pre-tax pay for this position is $85,000.00 - $141,600.00. Actual pay may differ depending on relevant factors such as prior experience and geographic location.
EEO Statement:
We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state/province, or local law.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.
For more information about equal employment opportunity protections, please view the Know Your Rights poster.
3rd Party Non-Solicitation Policy:
By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.
Tags: Audits CISA CISM CISSP Clearance CMMC Compliance Computer Science DFARS E-commerce Encryption Firewalls Industrial Monitoring Network security NISPOM NIST Pentesting POA&M Risk assessment Risk management SAP Security Clearance System Security Plan
Perks/benefits: Career development Startup environment