J-114 Information Security & Compliance Manager
Role details
Job location
Tech stack
Job description
Role Overview: Fabcorp and related entities is seeking a dedicated and compliance-driven IT professional to oversee our information technology infrastructure and ensure full alignment with NIST SP 800-171 and CMMC 2.0 Level 2 security requirements. You will be responsible for implementing technical controls, managing hardware/software stacks, and maintaining the documentation necessary for upcoming self-attestation events or C3PAO certification audits., * Compliance Management: Translate NIST SP 800-171/CMMC requirements into actionable, daily IT operations and document evidence of compliance.
- System Security Administration: Manage and secure the IT environment, ensuring restricted access, encryption (at rest and in transit), and proper identification/authentication controls.
- Audit Preparation: Lead gap assessments, remediate vulnerabilities, and maintain comprehensive System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms).
- Incident Response: Develop, manage, and test internal incident response plans, logging systems, and continuous monitoring processes.
- Vendor & Asset Management: Maintain hardware and software inventories, oversee supply chain risk management, and ensure third-party tools meet compliance flow-downs.
- Hardware & Software Focus Areas To fulfill these mandates, the candidate will be expected to deploy, configure, and manage the following types of hardware and software solutions.
- Identity & Access Management (IAM/MFA): Deploy Multi-Factor Authentication (MFA) across all endpoints and VPNs; enforce strict Principle of Least Privilege.
- Endpoint Protection & MDM: Utilize Mobile Device Management (MDM) software and Endpoint Detection and Response (EDR) to track assets and prevent unauthorized software installations.
- Encryption Tools: Implement full-disk encryption on all company laptops and secure data-sharing software for Controlled Unclassified Information (CUI).
- SIEM & Log Management: Configure and monitor Security Information and Event Management (SIEM) software for auditing and accountability logs.
- Network Infrastructure: Manage Next-Generation Firewalls (NGFW), intrusion detection systems (IDS), and secure network segmentation configurations. Cloud Environments: Ensure FedRAMP compliant cloud services (e.g., GCC High environments) are correctly configured for secure CUI storage.
PRACTICAL COMPETENCIES
- Plans and implements additions, deletions and modifications to the corporate data network.
- Implements network security systems.
- Oversees and maintains company telephone system including all changes and upgrades.
- Oversees and maintains company video systems including all changes and upgrades and security needs.
- Manage and maintain all corporate computer servers, firewalls, internet connectivity, switch gear, cabling, Wi-Fi equipment, and individual building and plant location connectivity back to the main server frame at all company locations.
- Interact with employees on all IT-related issues and hardware and assist in the training and use of all IT and computer related devices.
- Manages, procures, maintains all telephone or similar communication devices including wireless undertakings for all Company telephonic requirements.
- Handles international communication requirements for Company employees traveling abroad.
- Manages, procures and maintains all video equipment and connections for the Company.
- Disaster recovery planning and maintaining critical systems.
- Software license management. Responsible for procurement, installation, and life-cycle maintenance of all IT related equipment and software.
- Upkeep and cleanliness of work areas.
- Follow company safety & security guidelines
- Attendance and punctuality are essential functions of this job.
- Other duties as needed.
Requirements
- Education: Advanced certificate training or Bachelor degree in Information Technology Experience: 3-5 years of experience in IT infrastructure, network administration, or cybersecurity, specifically within the Defense Industrial Base (DIB).
OTHER QUALIFICATIONS
- Framework Knowledge: Deep, working knowledge of NIST SP 800-171 R3 and CMMC 2.0 requirements.
- Certifications: Preferred certifications might include CompTIA Security+, CISSP, CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA), Microsoft Certified System Engineer, Microsoft Exchange Server Engineer.Communication: Ability to write and maintain clear System Security Plans (SSPs) and explain technical risks to executive leadership.
PHYSICAL DEMANDS Employee may be required to do the following: climbing into and out of equipment; reaching in all directions, handling and manipulating objects and materials; coordinating the movements of eyes, hands, fingers and feet to operate tools and equipment; lifting up to 50 pounds from ground level, waist level, and/or overhead; carrying objects, tools, equipment, etc.; standing; sitting; walking; pushing; pulling; bending; kneeling; crouching/squatting; crawling; seeing with or without correction; hearing with or without correction. The employee is frequently required to sit while performing the duties of this job (approx. 60%) walk (20%) stand (20%). The employee is expected to lift or move materials (5% of workday)
MENTAL DEMANDS Employee may be required to do the following: following set procedures and standards; applying basic mathematical skills; planning work and selecting proper tools; reading and interpreting information; judging distances and accurately; following oral and/or written directions; reading; writing; ability to recognize and report safety hazards, The individual who occupies this position must not pose a direct threat to the health or safety of such individual or others in the workplace. This means the individual must not pose a significant risk of substantial harm to the health or safety of the individual or others that cannot be eliminated or reduced by reasonable accommodation.