Information Security Compliance Manager

Job Description:
ENSCO is looking for a talented Information Security Compliance Manager to identify, manage, and report on the company’s cybersecurity, privacy, regulatory, legislative, and contractual obligations. Responsibilities will include performing reviews, assessments, and audits as required to maintain certifications and compliance certificates, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and enforce policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

The cyber compliance officer's role is to ensure the secure operation of the in-house computer systems, servers, and network connections in accordance with our internal processes, procedures, and compliance requirements.

Roles and Responsibilities:
•   Developing, implementing and managing an organization’s compliance program.
•   Maintaining and managing the ENSCO corporate System Security Plan.
•   Using knowledge and experience of assessing compliance against NIST 800-171, CMMC, and ISO controls.
•   Staying abreast of DoD and related federal regulatory compliance laws, mandates, and other requirements.
•   Coordinating with federal and state regulators.
•   Planning, implementing and overseeing risk-related programs.
•   Creating and coordinating proper reporting channels for compliance issues.
•   Developing company compliance communications.
•   Coordinating and scheduling required compliance training for employees.
•   Establish, implement, and maintain the organization’s Information Systems Continuous Monitoring program
•   Develop organizational program guidance (i.e., policies/procedures) for continuous monitoring of the security program and information systems
•   Develop configuration management guidance for the organization
•   Consolidate and analyze POA&Ms to determine organizational security weaknesses and deficiencies
•   Acquire or develop and maintain automated tools to support ISCM and ongoing authorizations
•   Provide training on the organization’s ISCM program and process
•   Provide support to information owners/information system owners and common control providers on how to implement ISCM for their information systems.
•   Derive organizational requirements from documented compliance standards.
•   Collaborate with technical and program personnel to align implementations with technical capabilities and business needs. 

Remote / Telecommuting is available at manager’s discretion.
 
Qualifications Required (Skills):
•   Bachelor’s degree in Computer Science, Information Systems, or related field, or equivalent work experience.
•   Minimum of 10 years of IT experience with a focus on security and compliance with 3 years of employee management experience.
•   Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as NIST 800-171, CMMC, ISO 27001, SOC 2, FedRAMP, GDPR.
•   The ability to work in a fast-paced environment and the skills to deal with ambiguity.
•   Experience with IT governance, risk, and compliance management.
•   Experience coordinating tasks to complete third party assessments.
•   Experience writing policies, procedures, and controls in one or more standards/frameworks.
•   Knowledge of computer networking concepts and protocols and network security methodologies.
•   Knowledge of risk management processes.
•   Knowledge of cyber threats and vulnerabilities.
•   Experience with Risk Management in both a compliance and security context.
•   Ability to handle multiple competing priorities.
•   Ability to work well under minimal supervision.
•   Must be a U.S. citizen.

Qualifications Desired:
•   Reside within commuting distance to ENSCO’s Springfield VA, Melbourne FL, or Endicott NY offices.
•   CISSP, CISM, or other relevant security-related designation.
•   Exposure to International Traffic in Arms Regulations (ITAR).
•   Experience securing the public cloud (AWS, GCP, Azure).