Cyber Security Manager

Vigor Values

Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.

Truth: We seek the truth, and we speak the truth

Responsibility: We act on what we know is right

Evolution: We seek mastery, and adapt to a changing world

Love: We care about the people we work with, and the world we live in

Vigor

Vigor is an industrial company which provides ship repair services to the US Navy and other customers as well as fabrication services to customers in the nuclear, infrastructure, aerospace, and marine end markets. Vigor is one of the largest privately-held companies in the Pacific Northwest.

POSITION SUMMARY:

This position is a critical business partner to the VP of IT, other senior executives and key customers in ensuring that Vigor is compliant with critical DoD security requirements including full CMMC Level 3 compliance and auditability. A successful candidate will ensure appropriate cyber security governance and measures in place to meet customer contractual and business-mandated cyber security requirements and frameworks. The Cyber Security Manager will drive business-wide cyber security initiatives and processes improving the company’s overall security posture.

In addition, you will work with members of the private equity firms The Carlyle Group and Stellex Capital Management, which are shareholders of Vigor’s parent company.

ESSENTIAL FUNCTIONS AND MAJOR RESPONSIBILITIES:

(This list is not intended to detail all aspects of the assigned work but is representative of the job’s overall responsibilities)

• Must live the Vigor Values every day
• Responsible for understanding customer contract requirements with regards to cyber security, and for providing cost and schedule estimates to internal and external stakeholders
• Must understand risk trade-offs with regards to business operations impacts, risk appetite, and team with stakeholders to ensure right level of risk mitigation measures are in place
• Responsible for establishing and ensuring compliance through appropriate policies, processes, and technology with NIST 800-171, ISO 27001:2013, CIS Critical Security Controls, and Naval Nuclear 801 requirements
• Responsible for developing and maintaining System Security Plan (SSP)
• Provides metric-based measurement of risk, compliance, and security posture including report outs to Executive leadership and other stakeholders
• Provides broad technical knowledge across a wide range of Information Security tools, techniques and controls and incorporates projects needed into the IT Technology Roadmap
• Understands and utilizes incident response methodologies, frameworks, tools and techniques
• Participates as member of the Incident Response Team
• Ensures forensics are performed for potential data spills and breaches and provides the necessary information to the Incident Response Team and supports required internal and Federal government reporting within required timeframes
• Responsible for supporting Legal and Human Resources department legal discovery requests and employee investigation requests
• Oversees procedures to ensure security reviews of new technologies being considered and existing technologies in use as part of regular audits and the Request for Change process
• Responsible to ensure ongoing reviews of systems for potential vulnerabilities or attacks for systems included on the approved software list are conducted and follows up on trends with the appropriate IT manager
• Supports project management in the initiation, planning, design, execution, monitoring, controlling, and closure of security projects
• Works with Technical Services and Enterprise Applications managers to ensure processes in place to appropriately harden infrastructure servers, network, and enterprise applications
• Identifies cyber security deficiencies and risk mitigation strategies, develops and oversees corrective actions implementation through technical and non-technical measures working in conjunction with the appropriate IT manager
• Leads tabletop cyber security exercises for Incident Response Team
• Schedules and supports third party cyber security audits
• Oversees an active Cyber Security Awareness and Education Program tailored to business and department needs across company
• Stays abreast of implemented technologies vulnerabilities and sends communications to the appropriate IT team to address

JOB SCOPE:

The role operates within general parameters, but must use sound judgment and independent decision making when carrying out job responsibilities. Responsible for ensuring information is appropriately protected based on its classification. Has the ability to influence and modify existing protocols and practices. He/she has the responsibility to implement security measures in line with established government and contract mandated parameters. Failure to meet these requirements could result in financial impact to the company up to and including loss of contracts. Failure to meet the requirements of the customer could result in significant loss of future business.

SUPERVISORY RESPONSIBILITY: 1-5 Cyber Security Specialist direct reports, oversight of external partners

INTERPERSONAL CONTACTS:

The individual communicates both verbally and written with executives, manager, IT team members, company employees, and external customers. He/she provides regular verbal and written status reports to same group.

KNOWLEDGE SKILLS AND ABILITIES:

• Broad experience directly applicable to position responsibilities listed above
• Experience in leading implementations of large scale compliance programs such as NIST 800-171 and ISO 27001:2013
• Ability to problem solve, prioritize duties and assignments, and monitor all aspects of a cyber security program including network security and information systems security
• Experience in working directly with external customers on contractual requirements, program cyber security reviews, and remediation activities when required
• Sufficient technical knowledge and experience to recommend appropriate cyber security technologies and to assess cyber security vulnerabilities
• Knowledge of vulnerability management process at enterprise scale
• Broad understanding of cyber threat mitigation techniques and security technologies including emerging trends
• Experience in identifying signs of compromise and investigation appropriate investigation techniques
• Excellent written communication, report writing, and presentation skills
• Possess excellent interpersonal skills to include working with customers, employees, management, and security personnel
• Demonstrated leadership experience with cyber security related work
• Must have diplomatic leadership skills within a collaborative teamwork environment to accomplish the necessary results
• Proven and effective communication, analytical, judgment, initiative and execution skills
• Ability to move fast and change directions quickly when needed
• Ability to use common sense working in the role of a principal in a high integrity, high standard, professional, entrepreneurial environment

REQUIREMENTS:

• Experience dealing directly with Federal government customers
• Be a U.S. Citizen
• Ability to obtain and maintain a DoD Secret Clearance
  • Ability to do local travel and out-of-town travel (including air travel) up to 30% of the time with notice.

EDUCATION AND/OR EXPERIENCE:

• 7 years experience with Bachelor’s degree in Computer Science, Engineering or equivalent or 10 years related technical experience (required)

• 5+ years in a cyber security related leadership role

CERTIFICATES, LICENSES AND REGISTRATIONS:

• ISC2 CISSP Certification (preferred)

• ISACA CISM Certification (preferred)

• GIAC GSEC Certification (preferred)

PHYSICAL DEMANDS: Work is conducted in a dynamic, fast-paced office setting with moderate to loud noise levels from production activity in an industrial environment. The individual may be required to be in production areas within the complex. He/she must be able to walk to and from job sites. The person must be able to climb inclined stairways and vertical ladders; to enter confined areas and tanks; to work at heights. The incumbent must be able to frequently bend, squat, crawl, twist and may be required to lift up to 25 pounds. Good finger, hand and wrist dexterity required for extensive computer operations. The person must have good hand-eye coordination and may spend extended time sitting in front of a computer terminal. He/she may be required to work more than 8-hour shifts and weekend work. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORK ENVIRONMENT: While in production areas, will be exposed to all weather conditions, noise, dusts and odors. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Vigor and its wholly owned subsidiaries provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veterans, age, disability or genetics. In addition to federal law requirements, Vigor complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, benefits, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.