|Location||Moon Township, PA|
|Date Posted||March 31, 2021|
WHO WE ARE
Michael Baker International is a leading provider of architectural, engineering and consulting services, including design, planning, environmental, construction and program management. The company provides its comprehensive range of services and solutions to support U.S. federal, state, and municipal governments, foreign allied governments, and a wide range of commercial clients. Michael Baker’s more than 3,000 employees across nearly 100 locations are committed to a culture of innovation, collaboration and technological advancement to help solve challenges for clients and communities throughout the country. To learn more, visit https://mbakerintl.com/.
Michael Baker International understands that people require choices in where they want to begin to build a sustainable future. For more than 80 years, Michael Baker International has maintained an entrepreneurial work environment that fosters great careers, which ultimately has brought great success to the organization. Michael Baker offers many opportunities to help you grow professionally to build your career. Whether it is in Finance, IT, Human Resources, Technology, Communications, Proposal Production, Legal or our National Practice and Market segments, take your next step with us and help make a difference in the lives of those you work with and those we serve.
The Senior Manager Governance, Risk Management, and Compliance (GRC) will work closely with Information Security Team members as part of the Office of the CISO (OCISO); collaborating with Information Technology Service (ITS), Legal, Service Owners, Product Owners, Human Resources, Contracts, Strategic Sourcing, and Supply Chain partners to ensure data integrity is considered throughout a projects lifecycle and is built into the technology ecosystem.
This individual must be a hands-on self-starter, a highly experienced practitioner who is able to construct a risk management framework best suited for the company.
You will lead GRC in all aspects of application and infrastructure design within our technology environment. As a key risk advisor, you will be addressing business issues and processes that impact both current and future internal IT solutions as well as external partners. This role requires the ability to work cross-functionally with ITS Teams, PMO, Cybersecurity Team peers and other key stakeholders, leveraging your well-developed analytical skills in dissecting complex problems, and delivering clear recommendations to reduce risk and improve overall data integrity.
Essential Duties & Responsibilities
- Design and implement the overall risk assessment service; ensuring process, procedures, design and implementation address comprehensive data integrity control requirements that meet internal company and external regulatory mandates.
- Review control evidence for adherence to accuracy, completeness and effectiveness of the control as it relates to ensuring data integrity.
- Subject matter expertise in the areas of:
- Risk Management
- Risk Identification
- Mitigation Strategy Development
- Compliance framework design
- Risk Registry Development/Tracking
- Computer Operations
- Risk Assessment
- Supply-Chain Risk Management
- Help define remediation/mitigation for internally and externally identified data integrity issues and track remediation progress.
- Assist in the management of IT processes, controls, testing and remediation.
- Develop a comprehensive mechanism for documenting/tracking variances to policy.
- Collaborate and build long-term relationships with key stakeholders in a matrixed work environment.
- Plug-in with PMO, ITS, Information Security, Corporate Security, and Service Owners
- Establish/build trusted relationships with Lines of Business stakeholders to ensure quality, consistency and operability of new and existing controls.
- Support the review of IT tools, control designs, and control remediation planning efforts.
- Manage multiple concurrent projects with quality and in accordance with a documented schedule that meets or exceeds customer expectations.
- Produce detailed timelines for each assigned project and implement effective project controls by monitoring progress and reporting status.
- Foster an innovative and inclusive team-oriented environment. Play an active role in seeking development opportunities
- Mentor Cybersecurity, ITS staff, and program members to facilitate growth, internal career development, and overall satisfaction and retention objectives.
- Participate as senior member, during hiring process, working towards building a high performing Team across Information Security
- 15 years Develop, implement and coordinate the Information Security Risk Management Program
- 10 years Develop, implement and coordinate the risk and compliance program to manage Supply-Chain vendors and suppliers
- 10 Years Develop, implement, maintain and enforce Global security policies, standards and guidelines
- Assess, report and mature the compliance posture for regulatory and contractual requirements as well as internal policies and guidelines
- Manage, promote and monitor the Global Information Security training and awareness program
- Participate as part of the Team of the Disaster Recovery and Resilience implementation
- Develop the internal process designed to perform cybersecurity maturity model certification (CMMC) self-assessments and recommend changes and new initiatives aligning with DOD expectations.
- Lead preparations for external driven audit initiatives.
- Develop, implement, maintain and enforce data classification and protection standards
- Establish and maintain metrics and program control mechanisms to track program progress as well as the current state of defenses and protections.
- Maintain expertise on security trends through training, research and development to mitigate potential security exposures.
- Design an effective proactive risk assessment and subsequent monitoring effort.
- Assume ownership and update responsibility of the current SSP and POA&M addressing US Government controlled unclassified information (CUI) protection requirements and deadlines.
- Lead efforts to assess impact of deficiencies and develop action plans for remediation.
- Lead/Manage risk and compliance projects working with PMO to achieve successful outcomes.
- Participate in new system implementations and initiatives to provide scalable solutions, as well as risk and controls expertise.
- Collaborate with Information Security and ITS to establish an effective approach leveraging an audit process ultimately building out a continuous monitoring construct.
- Familiarity of Microsoft Windows platform secure server and workstation configuration practices that help provide for a defense-in-depth posture (CIS Benchmark knowledge is preferred).
- Experience in service delivery management areas such as, procurement, annual budget forecasting, deployment, maintenance, monitoring, health and performance reporting.
- Strong working knowledge information security concepts, terms, standard practices, and regulatory compliance requirements such as DFARS/FARS, GDPR, Cloud Security Alliance (CSA), NIST 800-53, 800-171, and CIS Benchmarks, etc.
- BS Degree in Computer Science, Information Systems, or other related field (or equivalent work experience).
- Masters’ Degree preferred.
Minimum Qualifications, Skills and Abilities
- A minimum of twenty (20) years of professional experience
- A minimum of ten (10) years of managerial experience
- 15 years’ work experience in IT Risk Management, SOX compliance, Master Data Management and/or auditing and a strong background in internal controls.
- 10 years people management experience
- Pro-active, strategic approach to problem solving.
- Knowledge of current technological trends and developments in the area of Risk Management, and auditing standards.
- Strong analytical, interpersonal, and communication skills.
- Demonstrated ability to collaborate with a diverse set of internal and external stakeholders, including senior leaders, business and functional representatives, and vendors / consulting partners.
- Ability to identify project impacting issues and work with control owners and various IT solution teams to develop and implement solutions.
- Strong collaboration skills and a demonstrated ability to approach technical and business solutions in a consultative manner.
- Industry related certification preferred (e.g. CISSP, CISA, CISM, etc.).
MICHAEL BAKER INTERNATIONAL EEO STATEMENT
Michael Baker International is proud to be an Affirmative Action/Equal Opportunity Employer. Michael Baker International provides equal employment opportunity for all persons, in all facets of employment. Michael Baker International maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks. We encourage all qualified applicants to apply for any open position for which they feel they are qualified and all will receive consideration for employment without regard to race, color, religion, age, gender, sexual orientation, gender identity, national origin, citizenship status, marital status, genetic information, disability, protected veteran status or any other legally protected status.
EEO is the Law. Applicants to and employees of Michael Baker International are protected under Federal law from discrimination.