Cybersecurity Maturity Model Certification (CMMC) Governance, Risk, and Compliance (GRC) Specialist

Company:

Jeppesen is seeking a Cybersecurity Maturity Model Certification (CMMC) Governance Risk and Compliance (GRC) Specialist. This position can be virtual within the US. The CMMC GRC Specialist role is a multifaceted role performing a host of compliance duties in support of the Jeppesen aviation software business. This role will focus on and specialize in CMMC and National Institute of Standards and Technology (NIST) Special Publication (SP) 800171 Controlled Unclassified Information (CUI) and NIST SP 80053 controls. Additionally this role will work in a variety of national and international frameworks ensuring that Jeppesen meets and exceeds minimum compliance with security controls supporting these frameworks supplementing and supporting GRC Compliance Specialists GRC Risk Management Specialists and ISMS owners. The role will support efforts to analyze security practices and controls for the various frameworks analyze Jeppesens current state analyze the deficiencies between current Jeppesen state and implementation of controls determine corrective measures to address deficiencies plan appropriate steps to implement corrections track the implementation of corrective actions and provide internal selfaudits of both processes and operational implementation of the controls. This role works across the organization and is expected to communicate effectively with leadership operations and development in ensuring that Jeppesen establishes and maintains a worldclass compliance team.

Position Responsibilities

• Communicate with groups from CLevel Executives to operations and development
• Willingness to speak truth on security compliance regardless of audience; the role must be willing to express deficiencies when deficiencies exist
• Understand CMMC from scoping the compliance addressing practices develop and update policies and managing full lifecycle
• Understand compliance frameworks and how they interrelate in terms of controls
• Decompose security practices and controls into actionable requirements
• Define write and formally document policies standards procedures guidelines and baselines
• Test policies standards procedures guidelines and baselines for compliance to security frameworks
• Determine noncompliance and/or deficiencies between control expectations and current implementation including ability to provide guidance to fully meet intention of the security control
• Analyze schedule and budgets to determine if tasks are achievable
• Understands risk management including business risk management operational risk management and development risk management
• Problem solver; a desire to see problems as challenges to be resolved
• Continue to learn and improve skills through both JEPPESEN provided training and selftraining

Basic Qualifications (Required Skills/Experience):

• Minimum of 5 years working in CMMC NIST SP 800171 and/or NIST SP 80053
• Experience in developing System Security Plan (SSP)
• Minimum of 5 years working in security practices and controls
• Ability to supplement all areas of GRC at Jeppesen as schedule(s) dictate
• Ability to quickly change from one task to another
• Ability to work in a team and independently as needed by task
• A minimum of 3 years of experience working in compliance and/or auditor role in a highly regulated environment
• Experience working crossfunctional teams providing guidance and improvements
• Experience in vulnerability management patch management or similar
• Domestic and international travel may be required to support audit and compliance efforts at Jeppesen locations in the US and worldwide. This is not estimated to be more than 15% of the employees time.

Preferred Qualifications:

• A bachelors degree or similar level of experience in a technical field
• A security or compliance certification such as CISSP CISA CISM CCP CCA ISO 27001 Auditor etc.
• Ability to effectively discuss security frameworks in detail in how compliance works to shape a business and/or business unit
• Ability to take nonspecific technical controls and data and relate them to technical implementations
• Experience working in Change Control Boards (CCBs) or other oversight groups
• Experience auditing businesses business units or teams for compliance to a security framework
• Experience in at least one of the following security frameworks: NIST ISO 27001 CMMC 2.0 COBIT Cyber Essentials etc.
• Experience in regulations such as GDPR HIPAA FISMA etc.
• Experience in technical roles such as security operations boundary defense vulnerability management

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana cocaine opioids amphetamines PCP and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing we strive to deliver a Total Rewards package that will attract engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs generally including health insurance flexible spending accounts health savings accounts retirement savings plans life and disability insurance programs and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location date of hire and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications as well as market and business considerations.

Summary Pay Range: $156400.00$211600.00

Language Requirements:

Education:

Relocation:

Export Control Requirement:

Safety Sensitive:

Security Clearance:

Visa Sponsorship:

Contingent Upon Award Program

Shift:

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud Recruitment Fraud Warning