CMMC Information Security Expert North America
SGL Carbon's North American Shared Services Center in Charlotte, North Carolina, is the headquarters of SGL Carbon, LLC in North America. The Shared Services Center is comprised of employees who support the SGL Carbon Business Units by providing quality services, leadership and accountability through excellence, teamwork, open and continuous communication, integrity and passion for success. All key administrative functions are represented at the Charlotte, NC site.
External Job Description
This position is responsible for the continuous technical and process development and implementation of the security requirements based on NIST 800-171 and DFARS, in accordance with CMMC. These requirements must be implemented and maintained for four manufacturing sites: Valencia, CA; St. Marys, PA; Arkadelphia, AR; and Sinking Springs, PA.
This position will report functionally to the Head of Information Security in Germany and legally to the Head of Shared Services NA. The incumbent should be able to present and discuss at management level, and should have at least five years of experience in technical and organizational information security and a good knowledge of the said requirements, including ISO 27001.
Overall, the incumbent will be responsible for making and keeping the described sites CMMC compliant throughout the entire implementation phase and afterwards.
Skills/Experience:
• University Degree in IT or comparable, specialized professional experience
• 5 years of experience in Information Security
• Experience in Information Security Consulting
• Deep analytic skills for complex technical and organizational topics
• Experience with Export Controlled information, ITAR and CUI
• Strong communication and training skills
• Ideally, experience in production-related IT (OT)
Dimension / Complexity:
• 4 Sites, NA
• >15 Information Security Policies
• Inhomogeneous IT landscape
• Diverse technical landscape of very different maturity levels and high technical complexity
• Highly diverse stakeholders and needs (Management, Sales, Office, Production…)
• Cooperation with Data Privacy, Export Control, Compliance, and Legal
Key Accountabilities:
• Risk assessment and consulting for IT and production departments on all information-security-related technical requirements
• In the context of IT projects, ensuring the required level of security in line with SGL's high requirements
• Definition of security-relevant framework parameters for technical solutions
• Implementation and continuous improvement of the information security management system (ISMS) following ISO 27001 standards including processes, requirements, regulations and leading documents.
• Integration and enforcement of Information Security Policies and exception evaluation.
• Identify and maintain legally binding requirements and ensure secure implementation and compliance during implementation and operation of IT equipment of any kind or form.
• Self-reliant and independent leadership and execution of projects with respect to time, scope and budget.
• Planning and execution of external supplier/certification audits (CMMC) and internal audits of compliance with policies.
• Development and execution of security trainings for SGL employees in the US
• Coordination and support of the policy-compliant implementation of information-security-relevant access controls (NAC 802.1X, Firewall Changes, FIPS 140, Web Access, Cloud authentication and authorization (Conditional Access, ADFS, MFA, BYOD, etc.))
What we offer:
SGL offers a competitive benefits package including:
- Medical and Prescription Drug coverage
- Dental insurance
- Vision insurance
- Employee Assistance Program (EAP)
- Flexible Spending Account (FSA)
- Health Savings Account (HSA)
- Basic Life and AD&D (Accidental Death & Dismemberment) insurance
- Short Term and Long Term Disability insurance
- Voluntary Spouse Life insurance
- Voluntary Child Life insurance
- 401k Savings Retirement Plan with employer match
- Vacation days
- Paid Holidays
Charlotte, NC, US, 28262