JOB QUALIFICATIONS:

Core Competencies-

• Timeliness – Meets deadlines - Completes work in a timely manner.
• Reliability –Achieves commitments - Arrives to work and meetings when scheduled/expected.
• Attitude–Has a positive attitude about performing their job.
• Organization–Manages their own work and schedule
• Accountability –Takes responsibility for actions and resolves own mistakes
• Receptive – open to feedback and willing to grow and improve
• Adaptable –flexible and open to change
• Integrity –High work ethic and integrity
• Follow through –Ensures work completion
• Quality – complete all work with a high level of detail and accuracy
• Professionalism –Conduct oneself in an all-round professional manner
• Communication – Communicate effectively
• Team – Available and supportive of coworkers

Abilities-

• Perform risk assessments/ gap analysis for clients based on their compliance obligations
• Comply with all CMMC, NIST CSF, PCI, HIPAA standards when appropriate
• Provide accurate analysis and CMMC environment scoping guidance to clients to ensure proposed solutions are aligned with compliance controls in the most efficient manner
• Develop and maintain SSP and POAM documentation for in-scope environments
• Remediate POA&M deficiencies by developing necessary policies, processes, and procedures
• Assist with client audits and assessments by providing timely, accurate documentation and evidence to third party auditors
• Provide guidance to clients and complete security questionaries submitted by vendors, customers & partners
• Work closely with other OSIbeyond CISO and CTO to ensure technical solutions and configurations are aligned with compliance objectives

Security Responsibilities-

• Complete training for and maintain awareness of cybersecurity risks including insider threat, and appropriate handling of CUI and other regulated data.
• Treat client data and OSIbeyond data as sensitive, and do not disclose, release or otherwise transfer it outside of OSIbeyond or client environments without written permission.
• Follow cybersecurity requirements as described in the Employee Handbook and other OSI policies.
• Immediately follow incident response procedures when a security incident or concern is noticed.
• Assist with the escorting or monitoring of visitors.
• Assist with user Awareness Training content and tracking
• Participate in the testing and execution of Incident Response procedures
• Assist with Risk Assessment activities
• Assist with Security Assessment activities
• Participate in Security Review Meetings
• Assist with the development and management of POAMs
• Assist with the development and dissemination of policies and procedures

ABOUT THE ROLE:

The Cybersecurity Compliance Manager is responsible for assessing, monitoring, and ensuring cybersecurity compliance for clients, primarily with the Cybersecurity Maturity Model Certification (CMMC) for Department of Defense contractors. The Cyber Security Compliance Manager is responsible for developing,
maintaining and executing
compliance processes and procedures.

KEY RESPONSIBILITIES AND DUTIES:

• Perform risk assessments/ gap analysis for clients
• Provide analysis and environment scoping guidance to clients
• Develop and maintaindocumentation
• Develop necessary policies, processes, and procedures to remediate CMMC POA&M deficiencies
• Assist with client audits and assessments by providing documentation and evidence to third party auditors
• Provide guidance to clients and complete security questionaries submitted by vendors, customers & partners
• Work closely with OSIbeyond CISO and CTO to ensure technical solutions and configurations are aligned with compliance objectives
• Assist with Project Management responsibilities as necessary

Security Responsibilities-

• Complete training for and maintain awareness of cybersecurity risks including insider threat, and appropriate handling of CUI and other regulated data.
• Treat client data and OSIbeyond data as sensitive, and do not disclose, release or otherwise transfer it outside of OSIbeyond or client environments without written permission.
• Follow cybersecurity requirements as described in the Employee Handbook and other OSI policies.
• Immediately follow incident response procedures when a security incident or concern is noticed.
• Assist with the escorting or monitoring of visitors.
• Assist with user Awareness Training content and tracking
• Participate in the testing and execution of Incident Response procedures
• Assist with Risk Assessment activities
• Assist with Security Assessment activities
• Participate in Security Review Meetings
• Assist with the development and management of POAMs
• Assist with the development and dissemination of policies and procedure