Information System Security Officer (CMMC Compliance)

Avantor

United States

Remote

USD 85,000 - 142,000

Full time

Yesterday

Job summary

An established industry player is seeking an Information System Security Officer to lead the development and administration of a CMMC-compliant information systems security program. This pivotal role involves implementing security controls, conducting audits, and ensuring compliance with critical cybersecurity standards. The ideal candidate will have a strong background in risk management, cybersecurity policies, and excellent communication skills to collaborate effectively with various stakeholders. Join a dynamic team dedicated to advancing life-changing science and making a significant impact in the Aerospace and Defense sectors.

Qualifications

  • 3+ years of experience in Information Security or related fields.
  • Knowledge of CMMC and NIST SP 800-171 compliance.

Responsibilities

  • Oversee compliance with CMMC requirements and manage SSP.
  • Conduct risk assessments and ensure CUI protection.

Skills

Cybersecurity Maturity Model Certification (CMMC)
NIST SP 800-171
Risk Management
Network Security Audits
Penetration Testing
Vulnerability Assessments
Communication Skills
Interpersonal Skills

Education

Bachelor's degree in Information Security
Bachelor's degree in Computer Science

Tools

System Security Plan (SSP)
Plan of Action & Milestones (POA&M)

Job description

The Opportunity:

Under general supervision, develop and execute security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce, and web-based systems. Maintain hardware, software, and network firewalls and encryption protocols. Administer cybersecurity policies to control physical and virtual access to systems. Perform network security audits and testing, evaluate system security configurations to ensure efficacy and compliance with policies and procedures. Conduct penetration testing and vulnerability assessments of applications, operating systems, and/or networks. Provide information to management regarding impact on the business caused by theft, destruction, alteration, or denial of access to information and systems.

NuSil is seeking an Information System Security Officer to develop & administer a CMMC compliant information systems security program supporting our high-performance silicones business serving the Aerospace & Defense industries.

What we're looking for (Education): Bachelor's degree with three years of Information Security or related experience. In lieu of a degree, an additional four years of applicable work experience may be substituted.

Certifications: CCP, CCA, CISSP, CISM, or CISA preferred.

Experience: Must have detailed knowledge of Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800-171, with demonstrated experience in compliance assessment and risk management. Working knowledge of the National Industrial Security Program Operating Manual (NISPOM) and Defense Federal Acquisition Regulation Supplement (DFARS) preferred.

Requirements necessary to perform the job competently:

  • Must be a US Citizen
  • Must have and be able to maintain an Active U.S. Government security clearance.
  • Bachelor's degree (Information Security, Computer Science, or related field) with three years of Information Systems Security, Cybersecurity, or related experience.
  • Demonstrated understanding of secure information system design, implementation, and maintenance is required, along with strong knowledge of continuous monitoring and risk management/assessment practices.
  • Excellent verbal and written communication skills. Strong interpersonal skills to effectively collaborate with customers, cybersecurity professionals, and colleagues.

Preferred Qualifications:

  • Bachelor’s degree in information security, computer science, or a related field.
  • Minimum of three years of experience in information security, focusing on compliance and risk management.
  • Extensive experience with NIST SP 800-171 and CMMC requirements.
  • Strong knowledge of continuous monitoring and risk management/assessment practices.
  • Experience with System Security Plan (SSP) and Plan of Action & Milestones (POA&M) management.
  • Experience with Controlled Unclassified Information (CUI) data protection requirements.
  • Relevant certifications such as CCP, CCA, CISSP, CISM, or CISA are preferred.
  • Ability to obtain and maintain an Active U.S. Government security clearance at the Secret level with a recent background investigation.
  • Ability to obtain and maintain SAP approval within a reasonable period.
  • Understanding of NISPOM and DFARS.
  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work independently and as part of a team.
  • Adaptability to a fast-paced environment and strong interpersonal and leadership skills.
  • Proven positive working relationships with internal and external customers.
  • Ability to follow projects through to completion and adapt to changing priorities.

How you will thrive and create an impact (Major job duties & responsibilities):

The IS Security Officer (CMMC Compliance) will oversee compliance with CMMC requirements, manage SSP and POA&M, conduct risk assessments, and ensure CUI protection. The candidate should have extensive experience with NIST SP 800-171, continuous monitoring, and risk management.

  • Develop and maintain policies and procedures for CMMC compliance, oversee controls, and conduct audits.
  • Maintain and update the System Security Plan (SSP).
  • Manage POA&Ms to address security gaps.
  • Implement cybersecurity risk management strategies and conduct risk assessments.
  • Ensure CUI protection per regulatory requirements, including access controls, encryption, and monitoring.
  • Support continuous monitoring and incident response, ensuring timely reporting.
  • Promote security awareness and training.
  • Provide guidance on classification markings for ITAR, EAR, CUI, FCI, and classified data.
  • Perform other duties as assigned.

Disclaimer:

These statements describe the general nature and level of work but are not exhaustive of all responsibilities, duties, and skills required. Avantor is an equal opportunity employer.

Why Avantor?

Dare to go further in your career. Join our global team of 14,000+ associates passionate about discovery, advancing life-changing science. Our work improves lives through new treatments, medical devices, and therapies. We support your growth through a diverse, inclusive culture with learning opportunities. Dare to go further and see how your contributions can create a better world. Apply today!

Pay Transparency:

The expected pre-tax pay range is $85,000.00 - $141,600.00, depending on experience and location.

EEO Statement:

We are an equal opportunity employer and VEVRAA Federal Contractor. We do not discriminate based on sex, gender identity, sexual orientation, race, religion, disability, veteran status, or other protected characteristics.

For accommodations, contact recruiting@avantorsciences.com.

For more information on EEO protections, view the Know Your Rights poster.

3rd Party Non-Solicitation Policy:

Submitting candidates without a formal assignment or contracting with Avantor may result in forfeiting fees. We work with a preferred supplier list and will engage with agencies as needed. No solicitation is accepted outside this process.
