Technical Program Manager – GRC
Full time @True Anomaly posted 2 days ago in Engineering Shortlist Email JobJob Detail
-
Job ID 26748
-
Experience 4 Years
-
Qualifications Degree Bachelor
Job Description
“OUR VALUES
Be the offset. We create asymmetric advantages with creativity and ingenuity
What would it take? We challenge assumptions to deliver ambitious results
It’s the people. Our team is our competitive advantage and we are better together
YOUR MISSION
We are seeking an experienced Technical Program Manager (TPM) of Governance, Risk, and Compliance (GRC) to join our GRC team at True Anomaly. The TPM will be a crucial asset in ensuring the security and compliance of our products. The ideal candidate should possess a minimum of 7 years of experience implementing NIST 800-171, NIST 800-53, ISO 27001 and SOC2 controls. Additionally, the TPM must have experience with coordinating internal/external assessments, policy development, and cloud security best practices.
RESPONSIBILITIES
Implement robust security policy and procedures across True Anomaly’s systems and platforms.
Conduct information technology compliance assessments across various frameworks (e.g., NIST 800-171, 800-53, etc.), to include, but not limited to:
NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012).
NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations.
Framework for Improving Critical Infrastructure Cybersecurity – NIST Cybersecurity Framework (CSF)
Cybersecurity Maturity Model Certification (latest version)
SOC2, ISO 27001, and ISO 27017 requirements
Review and develop System Security Plans (SSPs) and Plans of Actions and Milestones (POA&Ms)
Develop and maintain an Information Security Risk Management program
Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments.
Keep management apprised of impending areas of concern, verbally and in writing.
Develop new, and mature existing information security and enterprise risk policies.
Initiate and lead ongoing information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture.
Produce and review key performance indicators for implemented security measures and distribute KPIs.
Conduct internal audits to ensure unwavering adherence to DoD compliance standards.
Collaborate with software engineers to fortify software and resolve vulnerabilities.
QUALIFICATIONS
7+ years of directly related experience in IT security assessment and experience as an ISSM or ISSO a plus.
Demonstrated understanding of NIST SP 800-171, NIST SP 800-53, ISO 27001, SOC2 security requirements.
Verify and document the implementation of security controls necessary to achieve compliance.
Experience building and rolling out compliance policies
Experience authoring corporate security policies (e.g., privacy, data, and records retention) and enterprise security
At least 5 years of experience developing security standards, guidelines, and remediation planning based on best practices and industry
Comprehensive understanding of incident response, system configuration, vulnerability management, and hardening guidelines within the DoD context
COMPENSATION
Colorado Base Salary: $110,000-$190,000
California Base Salary: $115,000-$200,000
Washington D.C. Base Salary: $115,000-$200,000
Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
“
Other jobs you may like
-
Platform Engineer, Staff (16 open headcount)
- @ Hebbia
- New York City