
Senior Manager, Cyber Risk & Compliance at Mirion Technologies in Meriden, Connecticut

Posted in Other 30+ days ago.

Job Description:

Overview:


Technology advancements are helping organizations deliver an unparalleled user experience and value creation. The convergence of the physical and digital worlds is leading to a connected ecosystem that creates an exponential number of interactions and data/information exchanges. While cloud, data analytics and IIoT technologies bring huge opportunity, they also push the relevance of cyber security to a whole new level and demand the integration and orchestration of people, processes, and technologies to achieve trusted digital transformation.


Mirion is a leader in radiation safety, measurement, and science. Built on 60 years of experience, Mirion solutions play a critical role in the nuclear energy, medical and defense sectors. Being part of the Critical National Infrastructure ecosystem, Mirion is committed to bringing the best of cyber security to operate as a "Trusted Enterprise" and to deliver solutions that are "Secure-by-Design".


Mirion is looking for motivated, experienced, and expert cyber defenders. As part of the corporate cyber security team and reporting to the Chief Information Security Officer (CISO), the Sr. Manager, Cyber Risk & Compliance shall perform the responsibilities and have the qualifications, experience and expertise described below:



Position Responsibilities:



  • Develop and enforce enterprise cyber security policies, minimum baseline standards, standard operating procedures, and measurement metrics.

  • Establish enterprise security risk management program including internal audit, risk assessment, risk mitigation, governance, and compliance reporting.

  • Develop, implement, operate and maintain contingency and disaster recovery plans for IT, OT/IIoT and Connected Products technology operations.

  • Develop and manage a cyber security incident communication framework for internal and external stakeholders that meets regulatory and contractual obligations. Collaborate with the "Security Communication Council" and manage IT, OT/IIoT and Product security incident communication.

  • Establish enterprise vulnerability management policy, process, and technology solution.

  • Create standard cyber security RFP/RFI/Contract response templates in compliance with NIST and GDPR standard specifications.

  • Create & maintain NIST-based cyber security evaluation metrics & questionnaires for the Mirion technology supply chain (IT, OT/IIoT and Products).

  • Manage, automate, and enforce the Change-Management process to keep the ISMS relevant to business strategy and compliant with industry standards and regulatory requirements.

  • Manage various cyber security projects under the CISO organization. This includes facilitating the planning and prioritization of complex cybersecurity services, which may have significant complexity across many offices, divisions, and entities. Work directly with partners, vendors, staff, and agencies to ensure project success.

  • Analyze, evaluate, and overcome program risks, and produce program KRA/KPI reports for management and stakeholders.

  • Ensure that the current and future service level requirements are identified, understood, and documented in SLA (Service Level Agreement), OLA (Operational Level Agreements) and service level requirements (SLR) documents under partner/service-provider contract.

  • Develop and operate the cyber security awareness and training program.



Qualification Required



  • 10+ years of experience in security governance, risk, and compliance - must have worked on a large enterprise-wide cyber security risk management program.

  • 5+ years of experience in managing complex program planning, execution and reporting.

  • Industry recognized certifications are a plus - e.g., PgMP with CISA or CRISC.

  • In-depth knowledge of NIST CSF 1.1, NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-40, NIST SP 800-34, GDPR and HIPAA.

  • Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

  • Hands-on experience in:

    • Security threat modelling, abuse case analysis, risk assessments, design, and architecture review.

    • Qualitative and quantitative business impact analysis.

    • Operational risk and resilience, business process improvement methods, and risk-related control frameworks and practices.

    • Operational risk management methodology and CSA-related requirements.

    • MITRE ATT&CK framework and STRIDE methodology for threat modeling.

    • ISO/IEC 29147:2018 (vulnerability disclosure) and ISO/IEC 30111:2019 (vulnerability handling).

  • Experience utilizing Service Management tools, preferably ServiceNow or BMC Helix.

  • Excellent understanding of information security concepts, protocols, industry best practices and strategies.

  • Bachelor's degree in Engineering or related field.



Other Skills Requirement:



  • Strong understanding of security products and vendors, relevant technologies and trends, and industry standards.

  • Demonstrated experience in gathering and transforming business requirements into a comprehensive technology solution definition.

  • Strong team player - works with internal and external stakeholders to solve problems and actively incorporates input from various sources.

  • Excellent communication skills and collaborative working style. Strong critical thinking and analytical skills and ability to think "out of the box" required.

  • Willing to travel.

Qualifications

Behaviors:

  • Innovative - Consistently introduces new ideas and demonstrates original thinking
  • Team Player - Works well as a member of a group

Education:

  • Bachelor of Engineering (required)

Experience:

  • Experience utilizing Service Management tools, preferably ServiceNow or BMC Helix (preferred)
  • In-depth knowledge of NIST CSF 1.1, NIST SP 800-53, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-40, NIST SP 800-34, GDPR and HIPAA (required)
  • Industry recognized certifications are a plus - e.g., PgMP with CISA or CRISC (preferred)
  • 5 years: managing complex program planning, execution and reporting (required)
  • 10 years: security governance, risk, and compliance - must have worked on a large enterprise-wide cyber security risk management program (required)

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)