Cybersecurity Manager

Job Description

Job Description

Apogee Solutions, a Woman-Owned Small Business, is seeking a Cybersecurity Manager to support our corporate Cybersecurity Maturity Model Certification (CMMC) program in Chesapeake, VA. Qualified candidates must be a U.S. Citizen capable of receiving a DOD Top Secret clearance.

The Cybersecurity Manager is responsible for managing, administering, and coordinating Apogee Solutions’ CMMC Cybersecurity Program. Apogee Solutions has achieved a CMMC Level 2 Certification via assessment by a Certified Third-Party Assessment Organization (C3PAO). This role is critical in ensuring the security of Controlled Unclassified Information (CUI), Federal Contract Information (FCI), Covered Defense Information (CDI), Controlled Technical Information (CTI), and International Traffic in Arms Regulations (ITAR) Data, safeguarding Apogee Solutions’ Department of Defense (DoD) portfolio. The Cybersecurity Manager will be responsible for developing, implementing, and managing a secure and compliant enclave for CUI, FCI, CDI, CTI, and ITAR data, ensuring adherence to federal cybersecurity regulations.

The Cybersecurity Manager will :

• Oversee the CMMC compliance program, including gap analysis, certification, and continuous monitoring.
• Maintain cybersecurity posture at Cybersecurity Maturity Model Certification (CMMC) Level 2 with all 110 security controls across 14 domains.
• Ensure full incorporation of cybersecurity standards in accordance with DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements
• Maintain cybersecurity compliance with National Institutes of Standards (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations ., and NIST SP 800-173, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
• Ensure compliance management, continuous monitoring, and facilitating projects to drive long-term evolution of security environment.
• Oversee the lifecycle management of the full CMMC program, including developing and maintaining essential documentation, including the System Security Plan (SSP) and mitigation and reporting of security / cyber related incidents.
• Create, implement, and maintain company-wide security policies and procedures that translate CMMC requirements into actionable practices.
• Manage and lead the response for all internal and external CMMC audits and assessments by preparing for and conducting cybersecurity readiness inspection, self-inspections, and audits.
• Oversee management of IT security policies as related to IT solutions and configuration.
• Conduct risk assessments and oversee the vulnerability management lifecycle for the CUI, FCI, CDI, CTI, and ITAR environments.
• Regularly conduct internal audits to assess the effectiveness of security controls and provide reports and briefings on program status, risks, and milestones to company leadership.
• Nurture external and internal customer relationships, developing cyber security and information security programs, and deliver high quality site and systems security plans.
• Provide key security support to geographically dispersed company employees.
• As needed, design and develop Information Assurance (IA) or IA-enabled products, interface specifications, and approaches to secure the environment.
• Lead / support quarterly Federal Information Security Management Act audits.

Required Experience :