Description:
This individual will become an authority on representing government compliance lanes in support of the business and technology organizations. Translate regulatory and contractual requirements into process & system impacts and functional requirements designed to ensure operational compliance. Responsible for defining the accreditation boundary, control development, effectiveness testing, and audit management. They will identify and manage remediation activities, prepared reports and budgets, consult on organizational strategy, propose security tools, and process changes. Build strong working relationships and partnerships within own organization and across technology and business teams; strategically communicate the status, risks, and issues associated with the compliance program.
Responsibilities
- Enable compliance to various regulations, industry standards, and company policies including but not limited to CMMC, NIST 800-171 as well as terms and conditions related to T-Mobile’s government contracts
- Lead security, compliance, and risk assessments of processes and technologies to evaluate the effectiveness of compliance, including the creation of SSP and POAM artifacts
- Maintain accurate inventory of technology, processes and people that are required to follow regulations, industry standards, and company policies
- In collaboration with other internal groups, evaluate complex technologies, systems, processes and controls to identify security risks and compliance gaps; work multi-functionally with partner teams for resolution; handle critical issues and resulting timelines to ensure compliance
- Investigates and/or leads identifying security needs and recommends plans/resolutions. Implements, tests and monitors info security improvements
- Support cybersecurity compliance lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication and maintenance
- Lead security projects driven by groups both internal and external to the cybersecurity organization
- Mentor peer Analysts, in compliance, regulations, control development lifecycle, enterprise solution design, SDLC, facilitation and effective customer interaction
- Also responsible for other duties/projects as assigned by business management as neede
Highly Desired Skills/Qualifications
- Experience with one or more of the following: MS Office, SIEM, Service Now, Splunk, or Python
- 2-5 years' experience with IT governance, compliance, risk and audit programs
- Previous experience with CMMC, NIST 800-171 compliance or similar compliance activities such as SOX, PCI, etc.
- Experience running internal and/or external regulatory related audits and assessments
- IT security control development, control testing, risk remediation, and reporting
- Experience with project management (planning, organizing, and directing resources to bring about the successful completion of specific project goals and objectives)
- Ability to read, identify and interpret policies, regulations, and contract security requirements
- Knowledge of IT or Network technologies
- Previous leadership experience a plus