Cybersecurity Manager

Apogee Solutions, a Woman-Owned Small Business, is seeking a Cybersecurity Manager to support our corporate Cybersecurity Maturity Model Certification (CMMC) program in Chesapeake, VA. Qualified candidates must be a U.S. Citizen capable of receiving a DOD Top Secret clearance.

The Cybersecurity Manager is responsible for managing, administering, and coordinating Apogee Solutions’ CMMC Cybersecurity Program. Apogee Solutions has achieved a CMMC Level 2 Certification via assessment by a Certified Third-Party Assessment Organization (C3PAO). This role is critical in ensuring the security of Controlled Unclassified Information (CUI), Federal Contract Information (FCI), Covered Defense Information (CDI), Controlled Technical Information (CTI), and International Traffic in Arms Regulations (ITAR) Data, safeguarding Apogee Solutions’ Department of Defense (DoD) portfolio. The Cybersecurity Manager will be responsible for developing, implementing, and managing a secure and compliant enclave for CUI, FCI, CDI, CTI, and ITAR data, ensuring adherence to federal cybersecurity regulations.

The Cybersecurity Manager Will

• Oversee the CMMC compliance program, including gap analysis, certification, and continuous monitoring.
• Maintain cybersecurity posture at Cybersecurity Maturity Model Certification (CMMC) Level 2 with all 110 security controls across 14 domains.
• Ensure full incorporation of cybersecurity standards in accordance with DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements
• Maintain cybersecurity compliance with National Institutes of Standards (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations., and NIST SP 800-173, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
• Ensure compliance management, continuous monitoring, and facilitating projects to drive long-term evolution of security environment.
• Oversee the lifecycle management of the full CMMC program, including developing and maintaining essential documentation, including the System Security Plan (SSP) and mitigation and reporting of security/cyber related incidents.
• Create, implement, and maintain company-wide security policies and procedures that translate CMMC requirements into actionable practices.
• Manage and lead the response for all internal and external CMMC audits and assessments by preparing for and conducting cybersecurity readiness inspection, self-inspections, and audits.
• Oversee management of IT security policies as related to IT solutions and configuration.
• Conduct risk assessments and oversee the vulnerability management lifecycle for the CUI, FCI, CDI, CTI, and ITAR environments.
• Regularly conduct internal audits to assess the effectiveness of security controls and provide reports and briefings on program status, risks, and milestones to company leadership.
• Nurture external and internal customer relationships, developing cyber security and information security programs, and deliver high quality site and systems security plans.
• Provide key security support to geographically dispersed company employees.
• As needed, design and develop Information Assurance (IA) or IA-enabled products, interface specifications, and approaches to secure the environment.
• Lead/support quarterly Federal Information Security Management Act audits.
  
  

Required Experience

• U.S. Citizen with the ability to obtain a DOD Top Secret clearance required
• Bachelor’s degree in Computer Science, Information Systems, or Cybersecurity from an accredited institution required
• Minimum 2 years of experience with DFARS 7012, NIST 800-171, and other NIST publications required
• Minimum 1 year of experience with various data types such as CUI, FCI, CDI, CTI, and ITAR required
• Demonstrated experience in and exposure to cybersecurity compliance programs and organizations, especially CMMC, Cyber Accreditation Body (CyberAB), and Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) required
• Prior experience with successful implementation of NIST 800-171, CMMC, and ITAR security controls including Microsoft 365 Government Community Cloud High (GCC High) environment and Federal Information Processing Standards (FIPS) required
• Knowledge and skill in cybersecurity fundamentals such as incident management, forensic analyses, obfuscation techniques, vulnerability scans, threat intelligence, encryption, and decryption required
• Broad understanding of client/server and webserver architectures and systems to facilitate required interaction with Managed Security Services Provider (MSSP) required
• Broad understanding of networking technologies, architectures, and tools required
• Knowledge of Internet network addressing required
• Familiarity with programming languages and methodologies required
• Knowledge of data management, retrieval systems, transfer technologies, and backup systems required
• CompTIA A certification required
• Certifications such as Certified Information Systems Security Professional (CISSP), CompTIA Security , Certified Information Systems Auditor (CISA), highly preferred
• CMMC Certifications such as Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA) highly preferred