IT Security & Compliance Coordinator
TORAY COMPOSITES AMERICA INC
Description
Summary
Oversee the execution of our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DOD) and customer contractual requirements. This position interacts with both technology and business leaders across the organization. Assess Information Technology risk, policies, and system settings to verify that controls are effective or remediated to become effective. Lead alert investigations and incident response efforts. Report confirmed incidents to leadership and compliance organizations.
Duties and Responsibilities
Perform annual IT security audits and self-assess against DFARS requirements.
Manage the company's PoAM and run projects to mitigate gaps.
Submit answers to company customer cybersecurity questionnaires.
Manage, edit and update IT policy and procedures and ensure compliance company-wide.
Confirm current configuration of IT security systems, document inconsistencies to policy, then lead remediation efforts.
Ensure that the organization complies with external regulations and internal policies.
Manage the IT alerting system and develop mitigation standards based on the types of alerts. Train other IT staff members on the process.
Conduct regular audits and risk assessments, following up with mitigation plans.
Stay up to date on required compliance programs and their changing rules.
Manage and update the cybersecurity plan in order to identify needs and implement comprehensive security controls using multi-layered security and defense in depth.
Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations.
Ensure system security through vulnerability management, system patching and secure configuration policies.
Confirm implemented network security through segmentation, firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers.
Set corporate policies for endpoint security management to prevent malware and insider threats.
Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise.
Keep security plans and documentation updated, such as the disaster recovery plans and security policies. Create internal operating procedures to support and enforce policies and procedures in order to ensure the availability, integrity, and confidentiality of assets and data.
Lead tabletop exercises that simulate disaster, breach, etc.
Contribute to IT status reports and presentations.
Oversee, develop and provide compliance training to the workforce. Educate and coach internal Technology teams on technology risk, audit, and control principles.
Skills and Specifications
Project management and team leadership
Knowledge of relevant laws, regulations, and standards
Strong analytical and problem-solving skills
Exceptional communication and presentation skills with diverse audiences.
Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
Experience with Threat Hunting utilizing major IT security products
Strong understanding of NIST risk assessment and incident response standards
Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL
Ability to perform and analyze packet captures
Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
The ability to present and explain security and risk information in terms business executives can understand.
Incident tracking, change management and project tracking systems like ServiceNow.
Ability to identify risks associated with business processes, operations, information security programs and technology projects.
Abi