
Job Information
Draper Info Systems Security Officer in Cambridge, Massachusetts
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance, including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off-site social events, and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeal to you, apply now at www.draper.com/careers.
Equal Employment Opportunity
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.
This position will assist in leading the Information Assurance Program and, working under the direction of the Information Assurance Compliance Manager, is responsible for ensuring that the various classifications of Draper’s data/information are defined and that such data is protected in compliance with the numerous federal/state/agency regulations that pertain to it. The Senior Information Security Compliance Analyst is charged with assisting the organization with the identification, assessment, measurement, monitoring, and management of risk and compliance, and will focus primarily on customer security risk assessments, development of system security plans, and performance of internal audits against NIST control frameworks. This position supports a fast-paced culture in innovative and flexible ways to empower employees to make smart security decisions. This role will work closely with members of the Information Security team to implement the procedures and controls necessary to ensure and protect the safety and security of information systems, assets, and customer data. A well-qualified candidate will be comfortable working with executive and technical leadership to instill the importance of security risk management in all areas of the business.
Responsibilities include:
SME of Draper’s Governance Risk and Compliance (GRC) technology tool.
Development and oversight of system security plans (SSPs) for systems/databases that contain, or will contain, CUI. This includes acting as liaison to engineers/corporate staff as the key stakeholders who own the SSPs.
SME on the approved marketplace solutions (cloud and on-premises) for cyber solutions and information technology platforms.
Review of Draper’s supply chain cyber questionnaires and follow-up with vendors/contractors ensuring that Draper’s controlled unclassified information (CUI) is protected within those vendors’/contractors’ computing environments.
Assist in corporate policy development, documentation, and socialization to ensure adherence to such policies, including refresh/overhaul of those policies.
Oversee development/implementation of procedures and standards pertaining to the policies.
Documenting information security control artifacts and following up on plan of action and milestones (PoAM) items to ensure compliance with various regulations, with particular focus on CUI.
Identify information/cyber risk and serve as SME on measures to minimize such risks so that Draper’s reputation is not impacted.
Liaison to the Defense Industrial Base (DIB), including attending all meetings (approximately 4 times per year) and reporting upcoming DoD requirements back to Draper.
Qualifications:
Must have an appetite for continuous learning and stay current with industry trends relating to cyber security, privacy, and risk.
Bachelor’s Degree or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems, or related curriculum.
3 to 4 years of experience in Compliance and Risk Management.
Technical and functional experience in the domains of Governance, Audit, Risk Management, and Regulatory Compliance.
Knowledge of the following frameworks/compliance regimes: NIST, CMMC, and FedRAMP.
Proven understanding of risk assessment methodologies, frameworks, and procedures, and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations.
Open to learning and working on new domains and technology.
Extensive knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safekeeping.
Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
Experience planning, researching, and developing security policies, standards, and procedures.
Ability to clearly articulate issues and communicate in an effective and personable manner.
Experience building a network of relationships across functions, and informing and liaising with senior management.
Experience and relationships with Federally Funded Research and Development Center (FFRDC) organizations.
Process development, implementation, and standards expertise, with insights into engineering models and tools.
DoD background, with expertise relative to the DFARS 7012 clause and its implementation/controls requirements.
ID: 2023-7340
External Company Name: The Charles Stark Draper Laboratory Inc
Telecommute: No