Cyber Security Architect

American Roll-on Roll-off Carrier, a leading transportation and logistics provider to the US Government, is seeking an experienced (3+ Years) Cyber Security Engineer with strong hands-on implementation experience with NIST 800-171, NIST 800-53 and/or NIST CSF controls.

In this role you will:

• Be execution responsible for the implementation of (and continuous review, update and reverification of) the Company’s IT-related security and compliance requirements and initiatives.
• Develop and maintain NIST 800-171 (future CMMC Level-2) POA&Ms, information system security plans (SSPs) and detailed supporting documentation.
• Collaborate with both internal resources as well as external consultants and auditors, to facilitate compliance reviews and certifications.
• Gain thorough understanding of all of the Company’s technology, and the business and operational processes they facilitate, sufficiently to evaluate controls and identify risk and compliance concerns.
• Execute compliance and information security-related projects in accordance with strategic objectives.
• Develop and verify IT-related remediation and contingency plans.
• Develop and review, on a continuous basis, cybersecurity logs and reports, to verify security.
• Design/identify, implement, and maintain automated solutions, to facilitate proactive notifications of security-related issues/incidents – including unauthorized or inappropriate configuration changes.
• Manage the control frameworks and documents that support our information-security compliance standards.
• Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently.

Required skills/experience:

• Bachelor’s degree in Computer Science, Cyber/Information Security, or similar.
• Minimum of 3 years of experience in a Corporate IT environment, in a hands-on role dedicated to information security compliance , systems security, IT risk management, IT audit, or similar/related.
• Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls.
• Experience independently evaluating controls which are applied to technology-driven processes.
• Experience authoring and maintaining detailed documentation which define policies, procedures and execution plans, and as proof/support of compliance.
• Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management).
• Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
• Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals.
• Excellent project and time management and organizational skills.
• Eligibility for security clearance.
• Hybrid position, but must be within commuting distance to Northern NJ for regular meetings. Occasional domestic USA travel (Washington/Virginia, Jacksonville FL).

A plus if you have any of these:

• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), GIAC (Global Information Assurance Certification)/GSNA (GIAC Systems & Network Auditors) or other similar certification(s).
• Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, Fedramp, FISMA, GDPR.
• Experience with scripting tools such as PowerShell, Python (or others).
• Experience in container solutions (Docker preferred).

Target Salary $125k (DOE)

About ARC

ARC provides global logistics and shipping services to the U.S. Government. ARC and its affiliates own and manage the largest U.S. flag roll-on roll-off (Ro-Ro) fleet. This includes providing American-owned, managed, and crewed RoRo shipping and intermodal services committed to the requirements of the Department of Defense, other U.S. Government departments and agencies, and commercial customers.

.