Job Title: Information Security & Compliance IT Manager
Reports to: Vice President of Operations
Job Type: Salary, Exempt
Role Overview: Fabcorp and related entities is seeking a dedicated and compliance-driven IT professional to oversee our information technology infrastructure and ensure full alignment with NIST SP 800-171 and CMMC 2.0 Level 2 security requirements. You will be responsible for implementing technical controls, managing hardware/software stacks, and maintaining the documentation necessary for upcoming self-attestation events or C3PAO certification audits.
KEY RESPONSABILITIES
- Compliance Management: Translate NIST SP 800-171/CMMC requirements into actionable, daily IT operations and document evidence of compliance.
- System Security Administration: Manage and secure the IT environment, ensuring restricted access, encryption (at rest and in transit), and proper identification/authentication controls.
- Audit Preparation: Lead gap assessments, remediate vulnerabilities, and maintain comprehensive System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms).
- Incident Response: Develop, manage, and test internal incident response plans, logging systems, and continuous monitoring processes.
- Vendor & Asset Management: Maintain hardware and software inventories, oversee supply chain risk management, and ensure third-party tools meet compliance flow-downs.
- Hardware & Software Focus Areas To fulfill these mandates, the candidate will be expected to deploy, configure, and manage the following types of hardware and software solutions.
- Identity & Access Management (IAM/MFA): Deploy Multi-Factor Authentication (MFA) across all endpoints and VPNs; enforce strict Principle of Least Privilege.
- Endpoint Protection & MDM: Utilize Mobile Device Management (MDM) software and Endpoint Detection and Response (EDR) to track assets and prevent unauthorized software installations.
- Encryption Tools: Implement full-disk encryption on all company laptops and secure data-sharing software for Controlled Unclassified Information (CUI).
- SIEM & Log Management: Configure and monitor Security Information and Event Management (SIEM) software for auditing and accountability logs.
- Network Infrastructure: Manage Next-Generation Firewalls (NGFW), intrusion detection systems (IDS), and secure network segmentation configurations. Cloud Environments: Ensure FedRAMP compliant cloud services (e.g., GCC High environments) are correctly configured for secure CUI storage.
PRACTICAL COMPETENCIES
- Plans and implements additions, deletions and modifications to the corporate data network.
- Implements network security systems.
- Oversees and maintains company telephone system including all changes and upgrades.
- Oversees and maintains company video systems including all changes and upgrades and security needs.
- Manage and maintain all corporate computer servers, firewalls, internet connectivity, switch gear, cabling, Wi-Fi equipment, and individual building and plant location connectivity back to the main server frame at all company locations.
- Interact with employees on all IT-related issues and hardware and assist in the training and use of all IT and computer related devices.
- Manages, procures, maintains all telephone or similar communication devices including wireless undertakings for all Company telephonic requirements.
- Handles international communication requirements for Company employees traveling abroad.
- Manages, procures and maintains all video equipment and connections for the Company.
- Disaster recovery planning and maintaining critical systems.
- Software license management. Responsible for procurement, installation, and life-cycle maintenance of all IT related equipment and software.
- Upkeep and cleanliness of work areas.
- Follow company safety & security guidelines
- Attendance and punctuality are essential functions of this job.
- Other duties as needed.
DESIRED EDUCATION and/or EXPERIENCE
- Education: Advanced certificate training or Bachelor degree in Information Technology Experience: 3-5 years of experience in IT infrastructure, network administration, or cybersecurity, specifically within the Defense Industrial Base (DIB).
OTHER QUALIFICATIONS
- Framework Knowledge: Deep, working knowledge of NIST SP 800-171 R3 and CMMC 2.0 requirements.
- Certifications: Preferred certifications might include CompTIA Security+, CISSP, CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA), Microsoft Certified System Engineer, Microsoft Exchange Server Engineer.Communication: Ability to write and maintain clear System Security Plans (SSPs) and explain technical risks to executive leadership.
PHYSICAL DEMANDS
Employee may be required to do the following: climbing into and out of equipment; reaching in all directions, handling and manipulating objects and materials; coordinating the movements of eyes, hands, fingers and feet to operate tools and equipment; lifting up to 50 pounds from ground level, waist level, and/or overhead; carrying objects, tools, equipment, etc.; standing; sitting; walking; pushing; pulling; bending; kneeling; crouching/squatting; crawling; seeing with or without correction; hearing with or without correction. The employee is frequently required to sit while performing the duties of this job (approx. 60%) walk (20%) stand (20%). The employee is expected to lift or move materials (5% of workday)
MENTAL DEMANDS
Employee may be required to do the following: following set procedures and standards; applying basic mathematical skills; planning work and selecting proper tools; reading and interpreting information; judging distances and accurately; following oral and/or written directions; reading; writing; ability to recognize and report safety hazards
WORK ENVIROMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is moderately loud.
The individual who occupies this position must not pose a direct threat to the health or safety of such individual or others in the workplace. This means the individual must not pose a significant risk of substantial harm to the health or safety of the individual or others that cannot be eliminated or reduced by reasonable accommodation.
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. Duties may be assigned and/or reassigned as needed and/or instructed by department manager, general manager or other supervisor.
Disability /Veteran / EOE
**********DRUG FREE WORKPLACE*******
FabCorp/Hammonds is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sex, sexual orientation or identity, status as a protected veteran, or disability