Location: Richland, Washington
Title: Manager of Cybersecurity Governance, Risk, and Compliance
Schedule (FT/PT): Regular Full Time
Travel Required: No
Clearance: Ability to Obtain

North Wind Solutions is a Government contracting small business with operations at military and civilian installations across the United States. The company's focus is on facilities operation and maintenance, waste management and radiological services, security control and force protection, and environmental services.

North Wind Solutions is seeking a Manager of Cybersecurity Governance, Risk, and Compliance (GRC) to lead a critical function within our cybersecurity program. This leadership role is pivotal in ensuring the robust security posture of customer sites by overseeing all aspects of cybersecurity governance, risk management, and compliance with federal mandates and best practices. The successful candidate will be a visionary leader, an exceptional mentor, and a skilled program manager with a deep understanding of the federal cybersecurity landscape.

This role is a hybrid work-from-home position. Approximately 50% of work will be remote and 50% will be performed in-person at the office or customer locations in Richland, Washington.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
Team Leadership & Mentorship (40%):
- Lead, mentor, and develop a high-performing team of 15-20 experienced cybersecurity analysts specializing in GRC functions (e.g., policy development, risk assessment, internal audit, issues management, security awareness).
- Foster a collaborative and engaging work environment that promotes professional growth, knowledge sharing, and continuous improvement.
- Conduct performance reviews, provide regular feedback, and develop individual development plans for team members.
- Delegate tasks effectively, ensuring equitable distribution of workload and leveraging individual strengths.
- Promote a culture of accountability, proactivity, and excellence within the GRC team.
Program Management (30%):
- Oversee the development, implementation, and maintenance of the cybersecurity GRC program in alignment with federal regulations (e.g., FISMA, NIST RMF, FedRAMP), site policies, and industry best practices.
- Manage and prioritize multiple GRC initiatives and projects, ensuring timely completion and adherence to scope and budget.
- Develop and implement strategic plans for enhancing the cybersecurity GRC posture of customer sites.
- Establish and track key performance indicators (KPIs) and metrics to measure the effectiveness of GRC activities.
- Identify and implement automation and process improvements to enhance GRC efficiency and effectiveness.
Contract Performance Monitoring & Reporting (15%):
- Monitor and ensure the organization's adherence to the performance requirements and deliverables outlined in its contracts with customers.
- Develop, track, and report on key performance indicators (KPIs) and service level agreements (SLAs) related to cybersecurity GRC activities as required by customer contracts.
- Identify potential deviations or risks to contractual obligations and develop mitigation strategies in collaboration with relevant stakeholders.
- Prepare and present regular performance reports to internal leadership and external customer representatives, demonstrating compliance and program effectiveness.
- Facilitate and support customer-initiated reviews and audits related to cybersecurity contract performance.
Contract Performance Monitoring & Reporting (15%):
- Serve as the primary point of contact for cybersecurity GRC matters with internal and external stakeholders, including senior leadership, federal auditors, agency officials, and other site departments.
- Effectively communicate complex cybersecurity concepts and risks to non-technical audiences.
- Represent the organization in various forums, committees, and working groups related to cybersecurity GRC.
- Build and maintain strong relationships with key stakeholders to foster a collaborative approach to cybersecurity.
ADDITIONAL DUTIES AND RESPONSIBILITIES:
- Perform other duties as assigned.
MINIMUM QUALIFICATIONS:
Education and Experience:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Management Information Systems, Business Administration, or similar.
- 8+ years of relevant work experience, including:
  - 5+ years of progressive experience in cybersecurity
  - Management and leadership experience (e.g., manager/supervisor, team lead, project lead, program lead, or similar experiences in a formal or informal leadership capacity)
Skills and Abilities:
- In-depth knowledge of federal cybersecurity regulations, frameworks, and guidelines, including but not limited to:
  - Federal Information Security Modernization Act (FISMA)
  - National Institute of Standards and Technology (NIST) Special Publications (e.g., SP 800-53, SP 800-37, SP 800-30)
  - Federal Risk and Authorization Management Program (FedRAMP)
- Familiarity with cybersecurity tools and technologies used for GRC activities (e.g., GRC platforms, vulnerability scanners, security information and event management (SIEM) systems).
- Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to diverse audiences.
- Ability to manage multiple priorities and meet deadlines.
Special Requirements:
- Must pass pre-employment background check.
- Must pass pre-employment drug screening.
- Applicants are required to have REAL ID ACT compliant documentation at time of hire and nothing on record that would prohibit you from gaining access to Department of Energy sites.
- In accordance with Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Order 473.1A, this role is required to obtain and maintain a HSPD-12 Personal Identity Verification (PIV) Credential. To obtain this credential, new employees must successfully complete and pass a federal background check investigation. This investigation encompasses multiple areas of eligibility and includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year. This includes marijuana and cannabis derivatives, which are still considered illegal under federal law, regardless of state laws.
- US citizenship required.
- Must reside within the US; work cannot be performed from outside the US.
- Ability to work approximately 50% remote and 50% in-person at the office and customer locations in Richland, Washington.
PREFERRED QUALIFICATIONS:
- Master's degree in a relevant field such as Cybersecurity, Information Technology, Computer Science, Management Information Systems, Business Administration, or similar.
- Relevant professional certifications such as CISSP, CISM, CISA, PMP, or similar.
- Experience working at a large federal civilian agency or national laboratory.
PHYSICAL DEMANDS:
This position is primarily sedentary in nature. The work involves sitting most of the time but may involve walking or standing for brief periods of time. The work may involve exerting up to 10 pounds of force occasionally or a negligible amount of force frequently to lift, carry, push, pull, or otherwise move objects.

WORKING ENVIRONMENT:
Can work in a typical office or work-from-home environment (WFH). The noise level in the office work environment is usually quiet.

REASONABLE ACCOMMODATION:
North Wind offers a competitive pay and benefits package to include health, life, and disability insurance benefits, 401(k) with company match, generous paid leave and tuition reimbursement for eligible employees. As a company, we are committed to employee wellness, professional development, and work-life balance. We value safety, reliability, and commitment to our people! For more information about our benefits or hiring philosophy, visit the North Wind Career Opportunities Page.

Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. The nature of those accommodations will be determined on a case-by-case basis. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact our Helpline +1.208.528.8718 or use the Request for Reasonable Accommodation form to get assistance.

North Wind is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.
All qualified applicants will receive consideration for employment without regard to their protected veteran status and will not be discriminated against on the basis of disability. Proof of citizenship will be required as a condition of employment. Candidates may be required to obtain and hold a Secret or Higher US Government Clearance.