Key responsibilities:
1. Cybersecurity compliance & control assessments
Perform internal security control assessments validating adherence to internal cybersecurity/IT policies while meeting external framework requirements: NIST SP 800-171, CMMC, ISO, SOX and others.
Partner with corporate internal audit to drive awareness of SOX IT controls and ensure remediation plans are closed on time.
Assist in maintaining evidence repositories for audits, including SSP updates, POA&Ms, and continuous monitoring artifacts.
Support governance activities aligned with the NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover).
2. Regulatory & customer contractual requirements adherence
Support responses to customer cyber/compliance inquiries and security questionnaires.
Lead external certification assessments and establish plans of action and milestones (POA&M), e.g. for CMMC.
Gather audit evidence for government, customer, and third-party cyber assessments.
Track remediation of identified compliance gaps and ensure timely closure.
Ensure policies have proper traceability to operational controls and support "be audit-ready" documentation.
3. Continuous controls monitoring & reporting
Establish mechanisms to monitor and report security control effectiveness, and coordinate with technical teams to track remediation actions.
Partner with the cyber governance lead to establish and manage policy compliance metrics.
Support ongoing risk assessments, vulnerability reviews, and asset classification activities.
Assist in conducting supplier or third-party cybersecurity assessments when required.
4. Policy, standards & procedures support
Assist the cyber governance team in reviewing, updating, and maintaining cybersecurity policies, standards, and procedures.
Requirements:
Bachelor's degree in cybersecurity, IT, information systems, IT audit, or a related field.
5+ years of experience in cybersecurity, IT audit, GRC, or compliance-related functions.
Familiarity with NIST CSF, NIST SP 800-171, CMMC, ISO 27001, SOX, or similar frameworks.
Demonstrated ability to work with leadership and cross-functional teams on cybersecurity and enterprise compliance topics.
Skills & competencies:
Strong understanding of cybersecurity controls, risk methodologies, and compliance requirements.
Ability to perform control testing and document evidence clearly.
Proficiency in governance tools or GRC platforms.
Excellent communication and documentation skills for compliance and audit activities.
Detail-oriented and capable of managing multiple workstreams across teams.
Preferred certifications:
SOX IT and cyber internal auditor
CISA, CDPSE, CRISC, CISSP, or CISM
CMMC Professional/Assessor (preferred)
Seniority level
Director
Employment type
Full-time
Job function
Information Technology and Writing/Editing
Industries
Computer, peripheral and electronics manufacturing, and household appliance and electrical/electronic product manufacturing