MANAGER IT RISK AND COMPLIANCE
Inglewood, CA, US, 90302
The Marvin Group is a Strategic Partner for Global Alternate Mission Equipment and Sustainment
The Marvin Group, a leading defense contractor, plays a crucial role in the development and manufacturing of various systems for military aerospace and vehicles. Based in Southern California near the Los Angeles International Airport, The Marvin Group consists of Marvin Engineering (MEC), Marvin Test Solutions (MTS) and Marvin Land Systems (MLS). Marvin Engineering designs and produces military Alternate Mission Equipment. Marvin Test Solutions designs and manufactures armament Test Equipment. Marvin Land Systems specializes in the design and build of power and thermal management systems. For over 60 years we have maintained “A Tradition of Excellence”, serving as a trusted source for our unwavering commitment to supporting all branches of the Department of Defense and our global allies. Our collaboration extends across a diverse array of programs and platforms, including major military prime contractors such as Lockheed Martin, Northrop Grumman, and Raytheon.
POSITION SUMMARY:
The Manager IT Risk & Compliance will be responsible for leading and managing the organization's IT risk and compliance program, ensuring adherence to critical frameworks including CMMC, NIST, and DFARS. The role oversees all compliance aspects, from risk assessment and vulnerability management to incident response and third-party security. The successful candidate will drive audit readiness, ensure effective security awareness, and establish robust metrics to measure and report on program effectiveness. The Manager IT Risk & Compliance will play a crucial role in maintaining the organization's security posture by managing risk and ensuring compliance with regulatory legislation. This position reports to the Vice President of Information Technology.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Manage the compliance program across functional teams to ensure all control objectives are met to maintain compliance with CMMC, NIST, DFARS, PII, and GDPR requirements. Monitor changes to relevant legislation and accreditation standards and assess impacts.
- Maintain a list of artifacts required to support all security control objectives and agree on appropriate compliance checks with process owners. Identify all recurring process and policy review tasks and ensure they are executed according to the appropriate work instructions.
- Engage with cross-functional leadership to develop audit readiness plans and coordinate with external parties to ensure successful audit outcomes. Conduct annual audit readiness assessments and be the IT point of contact for all information security audit requests.
- Manage the IT document governance process and ensure all appropriate documentation reviews and approvals are completed promptly to the required level of quality
- Manage the Incident Response Plan process (IRP) to ensure compliance with all reporting requirements. Ensure all IT employees are competent in performing required incident response tasks as outlined in the IRP.
- Manage the information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program.
- Establish metrics and reporting mechanisms to measure and communicate risk levels and program compliance to leadership
SKILLS AND REQUIREMENTS:
- Minimum of 3 years of recent experience as a compliance manager with responsibility for conducting internal and external NIST/CMMC information security audits within the Defense Industry
- Minimum of 4 – 7 years of experience supporting enterprise level technology focused on governance, risk, and compliance.
- Degree in Computer Science or technology-related field, or equivalent work- or education-related experience
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Expert knowledge of relevant regulations and standards related to risk management and information security for defense contractors, e.g. CMMC, NIST SP 800-171, and NIST SP 800-53
- Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
- Demonstrated ability to work with diverse people, with effective oral and written communication skills.
- Demonstrated management skills, e.g., administration, policy development and implementation, personnel administration, staff training and development.
- Up-to-date knowledge of methodologies and trends in both business and IT
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Project management skills: financial/budget management, scheduling and resource management
- Experience in establishing cybersecurity and risk metrics for reporting
This position must meet export control compliance requirements. All applicants must be “U.S. persons” within the meaning of ITAR, as defined: a U.S. Citizen, a lawful permanent resident, political asylee, or refugee.
Interested parties please apply online and submit resume to https://jobs.marvingroup.com/
Visit us at http://marvingroup.com/
The Marvin Group is an EEO/AA/Disability/Vets Employer.
Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact People & Culture at 310.674.5030.