Virginia Beach, Virginia, USA
DIRECTOR, IT COMPLIANCE

Job Summary: Provide leadership, strategic direction, and compliance oversight for the NEXCOM IT cybersecurity program. This includes developing, implementing, and maintaining a comprehensive IT compliance framework to ensure alignment with regulatory requirements, industry standards, and organizational policies. Key responsibilities include leading compliance audits, managing risk assessments, collaborating with cross-functional teams to address gaps, and enhancing compliance processes. This role reports to the VP of Security and Infrastructure.

Duties and Responsibilities:

Incumbents of this position must be U.S. Citizens.

- Develops, maintains and executes departmental operating budgets in support of the corporate IT cybersecurity compliance program.

- Direct and manage corporate IT cybersecurity compliance program planning, management and support activities for areas of responsibility.

- Develop, maintain, and enforce corporate IT cybersecurity compliance program standards (e.g., policies, procedures, processes) and protocols.

- Lead IT compliance audits, risk assessments, and remediation efforts to address identified vulnerabilities.

- Maintains NEXCOM's IT cybersecurity Risk Management Program. Monitor regulatory developments and assess their impact on organizational policies and procedures.

- Develop and oversee incident response plans ensuring NEXCOM's preparedness to promptly and effectively address security incidents. Gather and preserve evidence as needed for documentation.

- Maintains oversight of the NEXCOM Governance, Risk and Compliance (GRC) tool to provide real time security awareness. Provides risk based recommendations based on these results.

- Prepare, distribute, and maintain plans, guidance, and standard operating procedures for compliance requirements.

- Collaborates with executive leadership to align cybersecurity compliance initiatives with overall NEXCOM organizational goals.

- Liaise and collaborate with NEXCOM's Echelon II for TASKORDs (Task Orders), EXORDs (Executive Orders), and data calls.

- Direct and manage NEXCOM's vendor audit process. Delivers risk based recommendations to CISO based on the findings.

- Evaluates and analyzes existing NEXCOM IT contracts to ensure contract language minimizes security risks. Develops and maintains security requirement template language for IT acquisitions.

- Participates in NEXCOM audits, including KPMG, PCI, and Command Inspections.

- Conducts internal reviews to ensure full IT systems and project plans are in compliance with security policies.

- Direct the implementation and management of security awareness programs, policies and procedures among users.

- Supervise a technical staff. Direct assignments, answer questions, establish performance standards and complete work performance reviews, approve leave and determine training requirements.

- Design and implement training programs to ensure security posture, compliance, and policy adherence.

- Ensure leadership is apprised of all cybersecurity and compliance related issues.

- May prepare and present compliance reports and updates to executive leadership as required.

- Strong leadership, strategic planning, and communication skills are essential to foster a culture of compliance and accountability across the organization.

- This role is critical in safeguarding the organization's technological integrity and ensuring sustained compliance in an ever-evolving regulatory landscape.

Performs other related duties as assigned.

Information Assurance Workforce Certifications:
Incumbent of this position must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain such will result in termination.

This position is designated IT-1 (Critical - Sensitive) in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI).

The incumbent of this position must file a Financial Disclosure Report (OGE) Form 450, as required.

Requires 10 years of any combination of experience as indicated below:

General Experience: Three years of progressively responsible experience in technical, administrative, or managerial roles that demonstrated the ability to manage IT compliance programs, or other responsible work that demonstrated the ability to lead audits, address cybersecurity risks, strategically plan, and collaborate effectively across functional teams.

OR Substitution of Education for Experience: One year of academic study beyond high school may substitute for 9 months of general experience, up to a maximum of a 4-year bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.

And Specialized Experience: At least seven years of progressively responsible experience in IT compliance and cybersecurity, including:
- Leading compliance audits and risk assessments;
- Managing regulatory requirements and developing policy frameworks;
- Supervising technical teams and delivering security awareness training;
- Oversight of Governance, Risk, and Compliance (GRC) programs and providing risk-based recommendations.

Certifications required:
1. Must possess or obtain one of the following within six months of appointment:
   - GIAC Security Leadership Certification (GSLC)
   - Certified Information Systems Security Professional (CISSP)
2. Equivalent certifications may also be accepted.

Security Clearance required:
Must be eligible for and able to obtain a Top Secret/Sensitive Compartmented Information (TS/SCI) clearance within six months of appointment. Failure to obtain this clearance will result in termination.
