At Precision Castparts (PCC), we make extraordinary products for aerospace and other industries. This is made possible by the hard work and creativity of a diverse and global workforce. We are committed to fostering a culture of inclusiveness, empowerment and respect that embraces the differences in who we are. Working together, we will continue to solve complex problems every day.
We are relentless in our dedication to being a high-quality and on-time producer, delivering the highest value to our customers while continually pursuing strategic, profitable growth.
PCC employs more than 20,000 people worldwide in over 120 plants spread across twenty-six states in the US and over a dozen countries.
The Cyber Risk and Compliance Manager role ensures compliance with internal IT security policies and various standards such as NIST, CMMC, and DFARS. Key responsibilities include coordinating division IT security operations, conducting weekly meetings, and managing third-party SaaS risk assessments.
Primary Responsibilities and Areas of Involvement
- Ensure compliance for internal security policy and scorecard.
- Coordinate all division security operations and implementations. Run weekly division security point of contact meetings.
- Ensure compliance for NIST 800-171, 800-172, 800-53, CMMC, DFARS 7012, 7019, 7020, 7021
- 3rd party SaaS risk assessments
- Complete customer cybersecurity questionnaires and audits.
- Vulnerability Management
- Manage O365 Compliance Center, AWS Config, and Azure Policy.
- Manage Cloud Security Posture Management.
- Manage Cloud Access Security Broker w/DLP.
- Manage Email Security Gateway, DMARC, DKIM.
- Manage Exostar, SAM and SPRS.
- Keep up to date on latest security whitepapers, incidents, tools, tactics for defending against advanced threats
- Attend security conferences
Required Skills
- Experience with cloud security technologies.
- Familiarity with NIST 800-171, 800-172, 800-53, CMMC, DFARS 7012, 7019, 7020, 7021.
- Experience with network protocols, multiple operating systems, web development, and network and domain architectures
- Knowledge of latest cyber threats and tactics, techniques, and procedures used to infiltrate computer networks
- Proven leadership skills with cross-functional teams.
- Strong analytical skills and attention to details.
- US Citizen
Qualifications
- Must have a Bachelor's degree and/or 2 years work experience
- Bachelor's degree must be in a relevant field (e.g. Cyber Security, Security Engineering, IT, Computer Science, Computer Engineering, Information Security, Information Assurance, or related degree)
- Work experience must also be in a relevant field (e.g. Cyber Security, Security Engineering, IT, Computer Science, Computer Engineering, Information Security, Information Assurance)
- Any one or multiples of the following are preferred but not required: AWS Security Specialty, MS cybersecurity architect Expert, CMMC Assessor (CCA), CMMC Professional (CCP), GCSA
- Travel up to 10%
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
For informational purposes only, the range for annual base salary for this role is $135,500 to $148,500 US Dollar (USD) Salaried based on a variety of factors. For informational purposes only, this role is eligible to participate in the Company’s Executive Bonus Plan, paid out up to 20% of the applicable annual base salary, based on the Company’s performance in the prior calendar year. Employees will receive 120 hours paid time off every year. Employees will also receive 10 paid holidays. Employees (and their families) are eligible to participate in the company's medical, dental, vision, and basic life insurance. Employees are eligible to enroll in the Company’s 401(k) plan.
This position requires use of information or access to production processes subject to national security controls under U.S. export control laws and regulations (including, but not limited to the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR)). To be qualified to work in this facility, a successful applicant must be a U.S. Person, as defined in those regulations, and able to supply evidence of that qualification prior to starting work or be authorized to receive controlled information under a specific license or permission from the relevant government agency. The U.S. export control regulations define a U.S. person as a U.S. Citizen, U.S. National, U.S. Permanent Resident (i.e. 'Green Card Holder'), and certain categories of Asylees and Refugees.