Cybersecurity Compliance Specialist

Portsmouth, NH, United States


About Global Information Services (GIS)

Global Information Services (GIS) provides cutting-edge IT solutions and cybersecurity services to internal users and customers. The GIS team is committed to securing enterprise information, ensuring compliance, and proactively mitigating cyber threats.

 

Position Overview

A key member of the Enterprise Cybersecurity Team, the Information Security Compliance Specialist is responsible for compliance management, ensuring adherence to frameworks such as CMMC and NIST SP 800-171. The role encompasses a broad range of responsibilities, including policy development and strategic project management of compliance initiatives.

The Information Security Compliance Manager will help navigate increasingly complex and rapidly changing cybersecurity compliance regulations. They will lead framework-based assessments to ensure the enterprise meets all regulatory data security requirements and determine the company's preparedness for audit.

This role reports to the Sr. Director of Information Security and will be an onsite position at the Portsmouth, New Hampshire headquarters.

 

Key Responsibilities

Compliance & Risk Management

  • Lead compliance efforts related to CMMC/NIST 800-171 and other relevant government frameworks.
  • Develop and update cybersecurity policy packages and procedures to align with compliance requirements.
  • Lead internal and external cybersecurity audits and risk assessments.
  • Independently review the effectiveness of controls and control gaps based on the results of testing.
  • Provide sound recommendations for audit findings and effectively support conclusions during discussions with stakeholders.
  • Effectively communicate audit issues in both technical and non-technical terms to Operational and IT management.

Cybersecurity Operations

  • Contribute to daily monitoring of and response to cyber threats, phishing attempts, and security incidents.
  • Coordinate periodic risk assessments, tabletop exercises, and penetration testing in accordance with industry best practices.
  • Contribute to the enhancement of security operations policies, processes, and playbooks.
  • Contribute to annual awareness training of the workforce on information security standards, policies and best practices.

Cross-Functional Collaboration

  • Work with IT operations to ensure security of the global network, mobile devices, and physical security.
  • Work with senior management during tabletop and crisis management sessions.
  • Facilitate the cyber training and development of other IT members.
  • Collaborate with vendor management, procurement, and finance teams on security-related vendor assessments.
  • Maintain relationships with government contractors and Defense Industrial Base (DIB) stakeholders.

Qualifications

Required

  • 5 years of experience in an IT audit, governance, or information security management framework role (e.g. CIS20, NIST 800-53, NIST 800-171/CMMC, ISO27001)
  • Must be a US citizen and eligible to obtain a SECRET clearance
  • Experience with government contracting security requirements involving ITAR/CUI
  • Experience managing projects and plans of action and milestones (POA&Ms)
  • Experience managing risk registers, vulnerability management, and security audits
  • Extremely proficient in Microsoft Office Applications (e.g. Word, Excel, PowerPoint, and Visio)

Preferred

  • One or more relevant certifications (e.g. CEH, Security+, GSEC, CISSP)
  • Experience with hybrid IT environments - on-premises and Azure cloud security platforms
  • Expertise with security management tools (e.g., SIEM, Tenable, Microsoft Defender)

Personal Attributes

  • Excellent written, oral, and interpersonal communication skills with the ability to influence senior stakeholders
  • Detail oriented, highly organized with the ability to effectively document critical information and processes
  • Proven experience in navigating complex organizations and effective relationship management
  • Ability to present ideas in business-friendly and user-friendly language
  • Highly self-motivated and self-directed
  • Collaborative mindset, with experience working with enterprise technical teams to enhance risk management

Please Note: Due to the restricted nature of work, only US Citizens and US Persons (permanent residents) will be considered for this role. We cannot at this time sponsor employment visas (e.g. H-1B visa status).
