IT Director, Security and Compliance – Charlotte, NC

SteelFab, Inc

Job description

Job Summary:

The Director of Security and Compliance will lead the IT cybersecurity program at SteelFab. This position will be focused on planning and implementing best practices to facilitate a strong cybersecurity practice within the organization. The chosen individual will lead the effort to create and maintain security policies, standards, audit compliance, metrics, and reporting. This person will lead and manage security audits, risk assessments, training, and awareness. This position will represent Information Security in meetings and communicate security standards across all relevant teams.

Essential Job Functions

1. Work with the VP, IT to enhance the IT Security program in order to become compliant with NIST 800-171 and obtain CMMC certification (Cybersecurity Maturity Model Certification).

2. Create new policy documents and maintain them on an ongoing basis. Ensure periodic review occurs for updates. Maintain procedure documents and other documents required by NIST and CMMC.

3. Build the foundation and ongoing program requirements for Risk Assessments and Risk Management practices per NIST requirements.

4. Ensure security and compliance organization-wide in the handling and transmission of CUI (controlled unclassified information).

5. Work to develop and mature the processes required to support and scale the company’s IT security functions.

6. Act as security and compliance officer and serve as the intake point for security-related inquiries, coordinating with subject matter experts.

7. Maintain a comprehensive and in-depth component-level understanding of IT systems, data flows, applications, technologies, security controls, threats, weaknesses, and countermeasures within the company’s infrastructure.

Qualifications and Requirements

Required: College degree. Experience at the IT management level in an IT security-focused area. Demonstrable knowledge across regulations, compliance, and certifications. These may include ISO 27001, NIST 800-53, NIST 800-171, Privacy Regulations (GDPR) and CMMC. Proven experience leading projects and executing with minimal direction. Self-starter with high levels of initiative. Able to develop and direct new processes for the organization. Strong communicator, verbally and in writing. Ability to deliver presentations at the executive level. Strong documentation experience – writing policies and procedures. This is less of a technical-level position, although a technical background and understanding are needed.

Preferred: IT certifications are looked upon highly. Proven successful working experience at the management level.

Job Type: Full-time

Salary: $110,000.00 – $120,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Flexible spending account
  • Health insurance
  • Life insurance
  • Paid time off
  • Referral program
  • Retirement plan
  • Vision insurance

Compensation package:

  • Profit sharing
  • Yearly bonus

Experience level:

  • 10 years

Schedule:

  • Monday to Friday

Education:

  • Bachelor’s (Preferred)

Experience:

  • IT Management: 10 years (Preferred)
  • IT Cybersecurity: 10 years (Preferred)
  • IT Security and Compliance: 10 years (Preferred)

Work Location: Hybrid remote in Charlotte, NC 28214