Responsible for driving the overall NIST Compliance program and other projects in Electrification IT (either global or local InfoSec projects), ensuring that project requirements are well understood by both the business and IS. Responsible for driving the overall methodology to achieve the desired results from projects, and for achieving compliance with all applicable DFARS clauses within the stipulated timelines.
• Plan the lifecycle of multiple RMF tasks and activities based on the compliance requirements of DoD and NIST controls.
• Ability to understand the application landscape and ABB's NIST control requirements, and to guide application owners / managers in understanding the requirements, assessing compliance and leading improvements as may be required.
• Conduct internal security assessments with the business team and local and global IS teams; coach project managers to produce the reports and communicate the results and findings to the respective teams.
• Recommend process improvements to the IS and business teams based on feedback, in appropriate language, and prioritize them for remediation of cybersecurity weaknesses.
• Define and operationalize program metrics.
• Refine the System Security Plan (SSP) and Plan of Action & Milestones (POA&M) process and implementation strategy, and agree on actions, responsibilities and time frames.
• Provide RMF process training to new IS colleagues and business teams.
• Communicate with IS & business leadership to drive
• Keep up-to-date with emerging security threats as well as industry standards and best practices applicable to medical devices, and apply new knowledge to reduce risk.
• Bachelor's degree in a business or technical field. BS in Marketing, Management, or Computer Science a plus. MBA or similar advanced degree a plus.
• 7+ years of experience with RMF and NIST package development, maintenance and collaboration, including obtaining a DoD Interim Authority to Test (IATT) and an Authority to Operate (ATO).
• Solid understanding of the Department of Defense (DoD) Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) guidelines, as well as DFARS clause compliance requirements as applied to manufacturing, project and services businesses operating with or dealing with the US Military, DoD and any other federal agency.
• Solid knowledge of project management, accompanied by a general knowledge of NIST SP 800-53, SP 800-37, ISO/IEC 27001, OWASP and SEI CERT standards.
• 5+ years of experience in system architecture, including understanding of risk, mitigation and remediation.
• 5+ years of experience in core project management practices (project estimating, planning/scheduling, and risk management).
• Experience leading cross-functional teams (e.g., sales, R&D, engineering, and services) required.
• Excellent organizational and business management skills, including communication, negotiation, motivation, persuasion and leadership.
• Any DoD 8570-approved baseline certification (e.g. CISSP, CEH, CAP, CISM) is preferred. In addition, a Project Management Professional (PMP) certification is a plus.
• Willingness to drive and thrive in a high-pressure environment and to provide customer support as needed.