Cyber and Data Security Manager

November 7

ERG

Environmental and Climate Justice • Public Health • Engineering

ERG (Eastern Research Group Inc.) is a company focused on supporting clients in protecting public health and the environment, improving worker health and safety, and ensuring the safety of food and drugs. They offer a wide range of services including air quality management, clean transportation solutions, environmental and climate justice, and facilities planning and engineering. Their clients include federal agencies and universities, with projects that cover environmental planning, workplace safety, and sustainable infrastructure. ERG is committed to promoting fairness, equity, and social justice through their work and organizational culture.

201 - 500 employees

Founded 1993

📋 Description

• Develop, maintain, and update comprehensive compliance documentation including System Security Plans (SSPs), Plans of Action and Milestones (POA&M), implement policies and procedures and other supporting artifacts to ensure adherence to security standards
• Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews, assessments and gap analyses
• Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO)
• Ensure that our information security assets, policies, and processes are reliable, available, provide confidentiality, and are generally safe from unauthorized use and intrusion
• Provide day-to-day security support around the infrastructure and procedures used to protect and secure Controlled Unclassified Information (CUI), including ERG’s related computer systems, data, and network
• Perform risk analysis on threats, security alerts, and other suspicious systems or network activity
• Lead incident response efforts, including investigation, containment, and recovery
• Identify and analyze existing processes and procedures to meet new IT Security goals and objectives
• Evaluate security incidents to determine impact & escalate appropriately
• Monitor, aggregate, label, and manage artifacts related to the Security Program assessment and external audits
• Develop, document, and assist with implementing ISO 27001 and NIST/CMMC framework standards, procedures, processes, and guidelines
• Plan and monitor security measures for the protection of computer systems, networks, and information, including the use of Security Information and Event Management (SIEM) products
• Develop and deliver cyber-related training programs for employees and stakeholders
• Provide security awareness training on recognizing and reporting potential indicators of external insider threats
• Ensure integrity and security of company data
• Support ERG’s Change & Configuration Control Board (CCB) through actions such as documenting change requests and participating in regular CCB meetings

🎯 Requirements

• Bachelor’s degree in computer science, Cyber / Information Security, or a related field
• 10+ years working in IT security operations, including a minimum of 3 years in a Corporate IT environment, in a hands-on role dedicated to information security compliance, systems security, IT risk management, IT audit, or similarly related
• Must be able to obtain/maintain US DOD Security Clearance
• Experience in recommending and implementing policies and procedures to ensure adherence to security standards, including the requirements of NIST SP 800-171 and CMMC Level 2
• Demonstrated hands-on experience with NIST 800-171 and ISO 27001 Controls
• Experience performing security audits with specialized SIEM tools (i.e., CrowdStrike, Arctic Wolf, Microsoft Sentinel) in the following environments: Microsoft GCC High, Microsoft 365, Azure AD, and Virtual Desktop
• Ability to interpret technical vulnerability findings and work to develop and implement remediation plans
• Strong knowledge of enterprise Information Security pillars including Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management
• Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals
• Hybrid position, ideally within commuting distance of one of ERG’s Massachusetts, Northern Virginia, or North Carolina offices for occasional meetings
• Excellent project and time management skills with the ability to plan, organize, and manage tasks on time with minimal supervision

🏖️ Benefits

• health and dental insurance
• life insurance
• long-term disability
• educational benefits
• FSAs
• generous 401k plan
• profit sharing
• EAP
• 11-20 paid vacation days per year
• 10 paid holidays per year
• 56 hours or more of sick leave (based on the state you work in) per year (pro-rated for part-time)
