Cybersecurity Compliance Specialist

This position will require access to ITAR and/or EAR controlled technical data, technology or source code, and requires that all individuals in this role be authorized to access such information

General Description:

The Cybersecurity & Compliance Specialist is a salaried position reporting to the Information Technology & Systems Manager. The Cybersecurity & Compliance Specialist is responsible for the Cybersecurity posture, compliance, readiness, training and ongoing governance of information systems subject to Cybersecurity Maturity Model Certification (CMMC) and Controlled Unclassified Information (CUI). The Cybersecurity & Compliance Specialist will lead cross-functional working groups and coordinate with External Service Providers (ESP) as required. This position requires strong organizational skills, analytical skills, a high level of attention to detail and knowledge of current requirements for compliance. Good communications skills are required with the ability to work with all levels of the organization diplomatically and skillfully.

Primary Responsibilities:

• Provide governance and CMMC Program Management to ensure compliance to legal and regulatory requirements including dictated customer requirements

• Maintain and update REDAR’s System Security Policy, Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies

• Cyber Security/Disaster Recovery/Incident Response and Business Continuity Planning

• Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training

• Ensure continuous monitoring, logging, vulnerability scanning and system hardening

Education and Experience Requirements:

• Bachelor's degree in computer sciences, Information Systems or a specialized cybersecurity program, which will provide foundational knowledge in network security, risk management, cryptography, and threat detection

• Minimum three years’ experience in the following areas

o Monitoring and remediating Cyber Security threats

o Implementation and retention of corporate policies

o Training employees on Cyber Security policies and awareness

o Windows server administration

o Microsoft Entra ID administration

o Microsoft Office 365 & Exchange administration

• Previous employment with a Department of Defense Contractor preferred

• Previous experience with CMMC and NIST 800-171 compliance preferred

Specific Tasks and Focus Areas:

• Provide governance and CMMC Program Management to ensure compliance to legal and regulatory requirements including dictated customer requirements

o Collaborate with Information Technology & Systems Manager to manage Information System Security for CUI systems

o Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171 Compliance & Governance

▪ Develop and execute a strategic roadmap to achieve and maintain CMMC Level 2 Compliance

▪ Coordinate readiness assessments, gap analysis and remediation planning

▪ Oversee implementation and maintenance of NIST SP 800-171 controls

▪ Implementation, and retention of IT policies, processes and systems required to satisfy CMMC (including NIST 800-171) compliance

▪ Collaborate with business units to develop and implement processes & procedures to support regulatory and customer dictated security requirements

▪ Provide evidence/supporting documents to attest to individual requirements of CMMC and NIST 800-171

▪ Enter data required in Procurement Integrated Enterprise Environment (PIEE) for CMMC, Supplier Performance Risk System (SPRS), etc.

▪ Coordinate with Registered Practitioner Organization (RPO) and Certified Third-Party Assessor Organization (C3PAO) to attain/retain CMMC certification.

▪ Annual attestation coordination

▪ Primary liaison with Customers, Senior Leaders, Managers, Contracts/Exports Department and other internal employees as required regarding CMMC compliance and status

o Supplier Vendor Compliance

▪ Collaboration with Supply Chain

▪ Follow Up on Compliance status & questionnaires

o Monitoring of CMMC related FAR/DFAR clauses

o Develop and execute process to Audit departments and users for compliance

o Current awareness of changing and upcoming security and compliance requirements

• Maintain and update REDAR’s System Security Policy (SSP), Plan of Action & Milestones (POA&Ms), Risk assessments and related security policies

o Review and update System Security Plan (SSP) to reflect current requirements

o Review and update Plan of Action and Milestones (POAM) to reflect current status for meeting/retaining CMMC certification

o Review and update REDAR Information System Security (ISS) policies as required

o Communicate and train users to revised requirements for the SSP, POA&M and related policies

Cyber Security/Disaster Recovery/Incident Response and Business Continuity Planning

o Review and update REDAR’s Incident Response Plan

o Lead security incident response and reporting activities for in-scope systems

o Respond to and oversee mitigation of threats in a timely manner per REDAR’s Incident Response Plan

o Ensure best practices for security with least level of access required are employed.

o Stay abreast of current and trending threats by reviewing Cyber Intel provided by Managed Detection and Response (MDR) and/or Managed Service Security Provider (MSSP) as required

o Collaborate with Information Technology & Systems Manager to implement and support requirements for qualification of Cybersecurity Insurance

o Collaborate with Information Technology & Systems Manager to implement proactive solutions to prevent against new threats as they become known.

o Oversee and direct company communication and education to provide user awareness of ongoing threats and risks

o Oversee system patches/updates to operating systems & clients are implemented

o Awareness of company data Backup, Disaster Recovery and Business Continuity Plans

o Collaborate with the Information Technology & Systems Manager to develop and review that appropriate security procedures are in place to safeguard the systems from physical harm and viruses, unauthorized users and damage to data

o Review and update REDAR’s incident response plan

• Provide Cyber Security, Controlled Unclassified Information (CUI), Risk Awareness and IT policy training

o Develop and maintain training media for cyber security requirements, CUI and risk awareness

o Train employees in cyber security requirements, CUI, risk awareness and company security policies

▪ Onboarding

▪ Annual

o Ongoing current cyber threat awareness training

o Ongoing training on revisions to REDAR’s Information Systems Security Policy (ISS) and related policies

• Ensure continuous monitoring, logging, vulnerability scanning and system hardening.

o Coordinate with contracted External Service Providers (ESP) for Managed Detection and Response (MDR), Managed Service Provider (MSP) and/or Managed Service Security Provider (MSSP) as required

o Coordinate with Information Technology & Systems Manager and Network & Systems Administrator as required

“AA/EOE/W/M/Vet/Disable”

R.E. Darling Co., Inc. is an equal opportunity employer. All qualified applicants will receive

consideration of employment without regard to race, religion, color, national origin, gender,

gender identity, sexual orientation, age, status as protected veteran, among other things, or

status as qualified individual with disability.