Cybersecurity Risk Manager

MIT Lincoln Laboratory Lexington, MA $147,600 - $199,300

Full Time Director Level 7+ years

Posted 1 week ago

Interested in this position?

Upload your resume and we'll match you with this and other relevant opportunities.

Upload Your Resume

About This Role

Lead and manage the Cybersecurity Risk Management Team for MIT Lincoln Laboratory, ensuring compliance with CMMC and other regulatory requirements to protect national security research. This role involves defining team strategy, overseeing operations, and assessing cybersecurity risks.

Responsibilities

Lead and oversee daily operations of the Laboratory's Cybersecurity Risk Management Team (CRMT)
Provide technical and operational supervision, mentoring, and performance oversight for Cybersecurity Risk Analysts and Managers
Participate in personnel retention efforts, candidate screening, and interviews for team vacancies
Define team strategy, goals, action plans, and metrics aligned with Laboratory and Security Department strategic initiatives
Assist in staff goal setting and performance appraisals, identifying professional development opportunities
Develop, administer, and predict team budgets and schedules
Assess technologies, systems, and components to identify cybersecurity risks and conduct security impact analyses
Work closely with the IT department for enterprise activities and security requirements
Conduct security impact analysis of emerging technologies and components across the Laboratory enterprise
Serve as Product Owner for the Laboratory’s Governance, Risk, and Compliance (GRC) tool
Evaluate complex system environments to ensure appropriate security measures based on best practices and regulations
Assist in planning and leading enterprise-level IT security projects (e.g., CMMC, Zero Trust Architecture)
Participate in meetings with Laboratory management and present briefings on risk assessments and emerging technology
Participate in corporate policy and procedure development, maintaining CRMT operating procedures
Develop and maintain cybersecurity policies, processes, and procedures aligned with requirements and industry best practices

Requirements

U.S. Citizenship
Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field
7+ years of management experience in a Defense Industrial Base (DIB) setting
Demonstrated capability in leading cross-functional teams and presenting ideas (written and oral)
Thorough understanding of NIST SP 800-171, 800-171a, 800-172, 800-172a
Thorough understanding of FISMA processes and FedRAMP requirements
Thorough understanding of DFARS requirements for Safeguarding Covered Defense Information and Cyber Incident Reporting
Thorough understanding of Cyber Maturity Model Certification (CMMC)
Demonstrated knowledge of the CMMC Assessment Process (CAP)
GRC tool experience
Technical experience, skills, and industry IT certifications (may substitute for DIB security experience)
Demonstrated knowledge of technology testing and evaluation methods and procedures
Excellent oral, written, and presentation skills
Demonstrated ability to multitask projects/programs and redirect priorities
Ability to work across organizational units and with customers
Reliable self-starter who makes sound, well-informed decisions and works independently
Demonstrated ability to manage complex situations, follow-up, and solve problems
Excellent interpersonal communication, organizational, and customer service skills
Excellent writing skills for extensive written reports
Ability to obtain a Top Secret level security clearance with compartmented program eligibility

Qualifications

Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field
Seven (7) or more years of management experience in a Defense Industrial Base (DIB) setting with related work in Security Control Assessor, Information Assurance, Risk Assessment, IT Security, or equivalent experience

Nice to Have

Demonstrated knowledge of National Industrial Security Program Operations Manual (NISPOM)
Demonstrated knowledge of DCSA Assessment and Authorization Guide (DAAG) based on Risk Management Framework (RMF)
Demonstrated knowledge of NIST 800-53 controls and associated NIST publications
Demonstrated knowledge of SAP/SCI Community and Intelligence Community requirements and directives (e.g., JSIG, ICD 503)
Experience as a product owner of a technical program (e.g., GRC or other IT tool)
Cybersecurity management certifications (e.g., CISSP, CISM)
IT auditor certification (e.g., CISA, GNSA)
DoDM 8140 baseline certifications
CMMC Certified Professional (CCP)
CMMC Certified Assessor (CCA)

Skills

GRC tools * NIST 800-53 * CISSP * DFARS * FedRAMP * FISMA * Risk Management Framework (RMF) * CMMC * ICD 503 * CISA * CISM * Zero-trust architecture * NIST Special Publications 800-171 * NIST Special Publications 800-171a * NIST Special Publications 800-172 * NIST Special Publications 800-172a * National Industrial Security Program Operations Manual (NISPOM) * DCSA Assessment and Authorization Guide (DAAG) * JSIG * GNSA *

* Required skills

Benefits

Health Insurance

Tuition Reimbursement

Work-life balance options

Dental Insurance

Mentorship programs

MIT-funded pension

Paid leave (vacation, sick, parental, military, etc.)

Vision Insurance

Matching 401(k)

Continuing education programs

About MIT Lincoln Laboratory

MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

Government

View all jobs at MIT Lincoln Laboratory →

Similar Jobs