Senior Information System Security Manager (ISSM)

Business units are in Corona, California; Warren, Massachusetts; Hauppauge, New York; Paris, France; Uxbridge, UK; and Tangier, Morocco. Parent company CIRCOR International is headquartered in Burlington, Massachusetts and CIRCOR Aerospace & Defense is headquartered in Corona, California. 

POSITION DETAILS

Position Summary

CIRCOR is actively searching to identify a dynamic and impactful Senior Information Systems Security Manager (ISSM) to assure that the sites (Corona and New York) comply with all applicable cybersecurity regulations of the Department of Defense (DoD) and to develop/enhance the protection of Controlled Unclassified Information (CUI) and the Cybersecurity Maturity Model Certification (CMMC) framework in accordance with NIST SP 800-171 and applicable DFARs. The Senior ISSM serves as the linchpin of an organization's cybersecurity strategy, tasked with safeguarding data integrity, confidentiality, and availability. The role of a Senior ISSM is instrumental in developing, implementing, and maintaining security protocols that align with regulatory requirements and industry standards. This role requires a blend of technical proficiency, analytical thinking, and strong leadership abilities to manage security incidents, conduct risk assessments, and ensure compliance with security policies.  

The position is also responsible for the Information Assurance (IA) program as stipulated by various US Government requirements from the DoD and regulatory bodies. This person maintains the formal IS security program and policies for their assigned area of responsibility and oversees the operational information systems security implementation policy and guidelines.

The Senior Information Security System Manager deploys, maintains, and supports on premise services. The incumbent also provides impeccable customer service by responding to customer service requests timely and accurately.  Responsible for the design, implementation, maintenance, and support of CIRCOR’s Intel & cloud servers, backend systems supporting the production processes for the division, as well as data storage platforms and hosted services. Provides support in maintaining service levels, and performance monitoring.  Ensures that all allocated tasks and procedures are carried out effectively and efficiently to current documented standards and a

• The Senior ISSM provides support for a program, organization, system, or enclave’s information assurance program.
• Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
• Assists with the management of security aspects of the information system and performs day-to-day security operations of the system.
• Performs vulnerability/risk assessment analysis to support certification and accreditation.
• Manage changes to system and assesses the security impact of those changes.
• Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
• Maintains and updates any and all associated Plan of Action and Milestones (POAMs) documentation.
• Works with vendors to identify, troubleshoot, and resolves hardware, software, network-related, operating system issues; research and tests possible solutions and implements solutions.
• Perform daily monitoring and management of backups; monitor backup jobs, execute restore jobs, troubleshoot failed jobs, and initiate corrective actions, when necessary.
• Monitors the health of critical systems, identify trends, and present results to IT Management.
• Ensure operational stability of technologies and services supporting the lines of business.
• Lead & meet project deliverables for new and / or changes to existing technology within project requirements.
• Participate in technical integration activities in support of mergers and acquisitions.
• Complete projects to budget, timelines, quality standards and business stakeholder requirements.
• Maintain broad technical knowledge on current and emerging technologies relevant to the enterprise.
• Monitor cybersecurity compliance by performing periodic self-inspections, tests, and reviews of information systems to ensure that workstations/servers are operating as authorized/accredited and that conditions have not changed.
• Coordinate with program/project stakeholders, IT & Trade Compliance teams, Facility Security and IT team members to define, implement and maintain an acceptable information systems security posture.
• Maintain day-to-day security posture and continuous monitoring of IS including security event log review and analysis, including audit & updates of air-gapped laptops.
• Preparation and maintenance of security Assessment and Authorization documentation.
• Adhere to established IT policies and standard operating procedures.
• Coordinate across other sites and seek Best Practice tools and processes in support of a rigor Cybersecurity posture.

 Internal & External Relationships:

Works closely with all departments to provide a reliable infrastructure to support the business needs.  Frequent communication with all levels of management and associates including IT Cybersecurity officer, Trade Compliance organization and Legal.  Interaction with other ISSMs across A&D sites to establish best practices and an efficient compliance process. Work closely with Customers and all governmental agencies to support the Business relationship in terms of regulation compliance.

CANDIDATE REQUIREMENTS

Senior Information Systems Security Manager (ISSM) Qualifications & Skills:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• CISSP, CISM, or similar certification.
• Experience with security frameworks such as NIST, ISO 27001.
• Strong understanding of network protocols and security architecture.
• Proficient in using security tools like SIEM, IDS/IPS, and vulnerability scanners.
• Excellent analytical and problem-solving skills.
• Experience in risk management and incident response.
• Strong communication and interpersonal skills.
• Familiarity with cloud security leading practices.
• Bachelor's degree in Cybersecurity, Information Systems, or a related field.
• Minimum of 6-8 years of experience in information security or related roles.
• In-depth knowledge of information security principles and practices.
• Experience with security compliance and regulatory requirements.
• Proficiency in security risk assessment and management.
• Ability to develop and implement security policies and procedures.
• Strong technical skills in network and system security.
• Ability to work independently and as part of a team to support business needs.
• Excellent written and verbal communication skills.
• Strong organizational and multitasking abilities.