Technical Program Manager, GRC

YOUR MISSION

We are seeking an experienced Technical Program Manager (TPM) of Governance, Risk, and Compliance (GRC) to join our GRC team at True Anomaly. The TPM will be a crucial asset in ensuring the security and compliance of our products. The ideal candidate should possess a minimum of 7 years of experience implementing NIST 800-171, NIST 800-53, ISO 27001 and SOC2 controls. Additionally, the TPM must have experience with coordinating internal/external assessments, policy development, and cloud security best practices.

RESPONSIBILITIES

• Implement robust security policy and procedures across True Anomaly's systems and platforms.

• Conduct information technology compliance assessments across various frameworks (e.g., NIST 800-171, 800-53, etc.), to include, but not limited to:

• NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012).

• NIST SP 800-53 Rev. 5, Security and Privacy Controls for Federal Information Systems and Organizations.

• Framework for Improving Critical Infrastructure Cybersecurity - NIST Cybersecurity Framework (CSF)

• Cybersecurity Maturity Model Certification (latest version)

• SOC2, ISO 27001, and ISO 27017 requirements

• Review and develop System Security Plans (SSPs) and Plans of Actions and Milestones (POA&Ms)

• Develop and maintain an Information Security Risk Management program

• Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments.

• Keep management apprised of impending areas of concern, verbally and in writing.

• Develop new, and mature existing information security and enterprise risk policies.

• Initiate and lead ongoing information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture.

• Produce and review key performance indicators for implemented security measures and distribute KPIs.

• Conduct internal audits to ensure unwavering adherence to DoD compliance standards.

• Collaborate with software engineers to fortify software and resolve vulnerabilities.

QUALIFICATIONS

• 7+ years of directly related experience in IT security assessment and experience as an ISSM or ISSO a plus.
• Demonstrated understanding of NIST SP 800-171, NIST SP 800-53, ISO 27001, SOC2 security requirements.
• Verify and document the implementation of security controls necessary to achieve compliance.
• Experience building and rolling out compliance policies
• Experience authoring corporate security policies (e.g., privacy, data, and records retention) and enterprise security
• At least 5 years of experience developing security standards, guidelines, and remediation planning based on best practices and industry
• Comprehensive understanding of incident response, system configuration, vulnerability management, and hardening guidelines within the DoD context

COMPENSATION

• Colorado Base Salary: $110,000-$190,000
• California Base Salary: $115,000-$200,000
• Washington D.C. Base Salary: $115,000-$200,000
• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.

ADDITIONAL REQUIREMENTS

• Work Location-Successful candidates will be located near Denver, Colorado Springs, Long Beach, or Washington D.C. While we observe a hybrid work environment, some work must be done on site.
• Work environment-the work environment; temperature, noise level, inside or outside, or other factors that will affect the person's working conditions while performing the job.
• Physical demands-the physical demands of the job, including bending, sitting, lifting and driving.

This position will be open until it is successfully filled. To submit your application, please follow the directions below. #LI-Hybrid