· Security Controls: Implement, monitor, and maintain security controls across cloud, on-premises, and hybrid environments to safeguard systems, networks, and data.
· Compliance Management: Ensure compliance with applicable regulations and standards such as NIST, CMMC, ITAR, and others relevant to our industry.
· Security Audits & Assessments: Conduct regular security audits, vulnerability assessments, and risk analysis to identify gaps and propose remediation.
· Security Framework Development: Develop, implement, and enforce security policies, procedures, and standards in line with industry best practices (e.g., NIST SP 800-171).
· Incident Response: Lead the identification, investigation, and response to security incidents, ensuring timely resolution and mitigation.
· Compliance Reporting: Prepare and present detailed reports on compliance status and security metrics to senior management and external auditors.
· Collaboration: Integrate with IT and partner with software, Legal, and other departments to ensure security and compliance are integrated into development processes, infrastructure, and operational practices.
· Security Awareness: Conduct security awareness training and workshops for employees to build a security-conscious culture across the organization.
· Third-party Risk Management: Evaluate and manage security risks from third-party vendors, ensuring that their practices align with the company’s security and compliance requirements.
· Documentation: Maintain detailed documentation for security policies, procedures, and compliance reports to ensure accountability and transparency.