Job Details

Compliance Manager (Information Security)

Reports to: Vice President of Legal and Compliance

Location: North Sioux City, SD

Job Description: The Compliance Manager (Information Security) will be an integral part of the Legal & Compliance (L&C) Department and responsible for the company's compliance information security requirements. The Compliance Manager will be responsible for supporting the management and completion of key information security compliance projects, providing guidance to business units, performing internal audits and self-assessments, and for connecting strategically and driving implementation of the Company's information security compliance initiatives at all levels of the organization. The Compliance Manager will play a key role in strengthening the information security compliance programs and supporting the Company's growth by working on a wide array of information security and other compliance activities in a fast-paced environment, while ensuring corporate guidelines are consistently met. The Compliance Manager may also serve as the Insider Threat Program Official (ITPO) and Facility Security Officer (FSO)/Assistant Facility Security Officer (AFSO) as assigned. The Compliance Manager will report to the Vice President of Legal and Compliance with a dotted reporting line to the Sr. Director of IT.

Required Education/Experience: The Compliance Manager must have a minimum of ten (10) years' experience in supporting information security compliance functions. The Compliance Manager must have proven experience working with the National Industrial Security Operating Manual (NISPOM) and key information security frameworks relevant to government contracting and the IT industry such as: ISO 27001:2002, CMMC 2.0, NIST 800-171 revision 2, NIST 800-171 revision 3. The Compliance Manager must have an active top secret/SCI security clearance. Ideally the candidate will also possess a certified information systems auditor (CISA).

Primary Responsibilities:

• Administer and execute day-to-day security activities such as personnel clearance processing, ITSM program reviews, and fielding regular information security requests and inquiries from colleagues,
• Implement, manage, and support the company's information security systems, processes, and compliance programs to meet requirements.
• Monitor, assess, and modify systems to ensure continual improvement and address changing requirements.
• Prepare for, coordinate, participate in, and help execute internal and external audits.
• Assist in the development, measurement, and reporting of key metrics to drive conformance, efficiency, and continual improvement and collection of evidence of conformance.
• Assist in generating awareness and driving engagement and adoption of policies, initiatives, and other guidelines including insider threat training, CUI protection and safeguarding awareness, and cleared personnel security briefings.
• Serve as subject matter expert on applicable information security requirements and the company's information security systems, processes, and compliance programs for proper administration, maintenance, and oversight of information security activities across the company.
• Assist in the preparation and maintenance of information security and other compliance documentation.

Requirements:

• Proficient understanding of key information security frameworks such as: ISO 27001:2002, CMMC 2.0, NIST 800-171 revision 2, NIST 800-171 revision 3.
• Strong attention to detail, high level of reading and analytical skills and problem-solving skills, ability to learn new concepts quickly, and ability to pivot and communicate efficiently and effectively at a high-level to leadership teams.
• Ability to develop and maintain knowledge of an organization's operations, corporate values, and business goals, and of the compliance landscape as it pertains to the Company, and ability to use that knowledge to anticipate, identify, analyze, and address business and liability opportunities and risks as they pertain to the company.
• Ability to identify, analyze, and provide guidance on where coordination, guidance, review, and approval are needed from external advisors and from other internal departments and stakeholders of the Company.
• Ability to review, understand, evaluate and provide guidance on large, complex projects and a variety of other initiatives based on corporate guidelines and input from various stakeholders of the Company
• High degree of initiative, organization and prioritization in approach to professional responsibilities, including dependability and timeliness, and ability to work independently with minimal supervision
• Proficient understanding of professional ethics, business sensitivities and confidentiality, and ability to manage professional responsibilities with integrity and discretion
• Personal aptitude to thrive in a dynamic, fast-paced environment, and to manage multiple, concurrent responsibilities and competing demands with sound judgment and diplomacy
• Strong communication skills (verbal and written), and ability to work and communicate effectively with all levels of the Company, and ability to generate awareness, deliver training and guidance, and drive engagement and adoption of policies, processes and initiatives.
• Ability to sit at a desk and work on a computer for prolonged periods, and ability to utilize and manage Microsoft Office products and other office programs and tools.

Sterling Computers Corporation ("Sterling") is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to age, race, color, creed, religion, disability, medical condition, economic status or status with regard to public assistance, citizenship status, national or social or ethnic origin, past or present membership in the uniformed services, protected veteran status, sex, pregnancy, marital or civil union or domestic partnership status, family or parental status, sexual orientation, gender expression or identity, family medical history or genetic information, HIV status, political belief, or any other status or characteristic protected by applicable law.