Director of Software Engineering

Director of Software Engineering

Location: Detroit, MI (On-site)

Type: Full-time

Clearance: No Clearance Required

Job Description

The Cybersecurity Advisor (CA) specializing in Cybersecurity Maturity Model Certification (CMMC) has expert-level understanding of IT and cybersecurity landscapes, with in-depth knowledge of the CMMC framework, including its requirements, processes, and implementation strategies. The Cyber Advisor will lead client organization’s efforts to achieve and maintain CMMC compliance with current and future standards. The Cyber Advisor will serve as a trusted cybersecurity resource to both technical and non-technical stakeholders and can advise on wide-ranging cyber security topics, including cyber threats, technologies, and best practices, enhancing the organization's overall cybersecurity posture.

Qualified candidates should have a strong technical background (ex, systems, networks, cloud, etc.) in addition to vulnerability analysis, incident reporting, security standards, policy, and training content delivery.

The Cybersecurity Advisor may also conduct classroom and/or webinar instruction in the theory & execution of cyber security best practices to small and medium size business operators. The Advisor will work as part of a team to develop and refine cyber courseware.

Responsibilities

Key Responsibilities:

• Provide expert advice on a wide range of cybersecurity issues, including risk analysis, incident management, compliance, and security architecture.
• Develop and implement cybersecurity strategies tailored to the specific needs and risk profile of the organization.
• Lead client organization's CMMC certification process, from initial assessment to final certification and continuous monitoring.
• Develop and implement a CMMC compliance roadmap, including timelines, resource allocation, and key milestones.
• Lead compliance and security assessments with various cybersecurity frameworks and standards, including CMMC, ISO 27001, NIST 800-171, NIST CSF, ISO 9001, and FedRAMP.
• Act as the primary point of contact for all cyber compliance-related matters, liaising with senior management, external auditors, and other relevant parties.
• Develop and implement cybersecurity strategies tailored to the specific needs and risk profile of the organization.

Framework Implementation:

• Interpret and apply appropriate cyber-related framework requirements to the organization's systems, processes, and policies as applicable.
• Collaborate with IT, security, and operational teams to implement necessary controls and measures to achieve the required compliance with frameworks and policies, including CMMC.

Gap Analysis and Remediation:

• Conduct comprehensive gap analyses to identify deficiencies in current security practices relative to applicable cybersecurity requirements.
• Develop and manage Plan of Action and Milestones (POA&Ms) to address identified gaps, ensuring timely and effective implementation of corrective actions.

Policy and Procedure Development:

• Create and maintain policies, procedures, and documentation required for security compliance, including System Security Plans (SSP).
• Ensure all relevant stakeholders are informed of and adhere to these policies and procedures.

Training and Awareness:

• Work with Instructional System Design teams to create and deliver cybersecurity and awareness training to educate clients and employees on cybersecurity requirements, security policies, and best practices.
• Conduct tabletop exercises to ensure organizational readiness in the event of a security breach.
• Promote a culture of security awareness throughout the organization, emphasizing the importance of compliance.

Audits and Assessments:

• Plan and conduct audits to evaluate the effectiveness of security controls and compliance.
• Prepare for and support external audits conducted by certified third-party assessors (e.g., C3PAOs).

Continuous Monitoring and Improvement:

• Implement continuous monitoring processes to ensure ongoing compliance with CMMC and other relevant security standards.
• Regularly review and update security measures, policies, and procedures to reflect changes in the relevant cybersecurity framework or organizational needs.

Stakeholder Engagement:

• Act as the primary point of contact for all cyber-related matters, liaising with senior management, external auditors, and other relevant parties.
• Provide expert guidance and support to internal teams on CMMC and other cyber-related issues and initiatives.

Risk Management:

• Identify, assess, and mitigate risks associated with non-compliance with security standards.
• Develop risk management strategies that align with the organization's security objectives and compliance obligations.

Reporting and Documentation:

• Maintain comprehensive records of compliance-related activities, including assessment reports, audit findings, and remediation efforts.
• Prepare and present regular status reports to senior management, highlighting progress, challenges, and next steps.

Required Qualifications

• Bachelor's degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Relevant certifications such as CISSP, CISM, CMMC-AB Certified Assessor, or equivalent.
• Extensive experience in cyber security, with a focus on compliance and regulatory standards.
• In-depth knowledge of the CMMC framework and its application in various organizational contexts.
• Strong project management skills, including the ability to manage multiple projects and deadlines.
• Excellent communication and interpersonal skills, with the ability to work effectively with technical and non-technical stakeholders.
• Proficiency in developing and implementing security policies and procedures.
• Analytical mindset with strong problem-solving abilities.

Preferred Qualifications

• A master's degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Familiarity with other regulatory frameworks and standards, such as NIST SP 800-171, ISO 27001, and DFARS.
• Experience working with government contractors and understanding of the federal contracting process.
• Strong technical background, with experience in implementing security controls and technologies.
• Ability to adapt to changing regulatory landscapes and organizational needs.