Magellan Health

Director, CMMC Compliance Management - Fully Remote


Pay: Competitive
Location: Remote
Employment type: Full-Time

This job is now closed

Job Description

      Req#: R00000059936

      This Director, CMMC Compliance Management position is fully remote, allowing you to work from the comfort of your own home. The position is responsible for overseeing and managing the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) process, as well as managing the activities associated with maintaining CMMC 2.0 certification at the relevant level. This role is key in developing and executing the strategy to achieve CMMC 2.0 certification before the federally imposed deadline. The role works with and advises individuals and groups on how the CMMC 2.0 certification requirements, and the underlying frameworks and certifications, link to their areas of ownership, and works with organizational leadership and specific stakeholders to develop, prioritize, and document risk in pursuit and maintenance of CMMC 2.0 certification. The role acts as a subject matter expert on the CMMC 2.0 certification process, provides guidance on potential solutions, and is responsible for achieving and maintaining CMMC 2.0 certification. This is an individual contributor role that works in a matrixed, consultative fashion and may later expand to lead direct reports. The role owns the end-to-end certification lifecycle, including engaging with internal and external assessors and gathering and organizing evidence. Experience with the Department of Defense (DoD) Authority to Operate (ATO) process is required; Magellan is willing to provide training on CMMC 2.0 certification under the right circumstances. The role works with senior leaders across Privacy, Compliance, GRC, and IT to align on direction, mitigate risk, and negotiate priorities, and with other subject matter experts to develop creative solutions, identify points of risk and contention, and influence solutions at the lowest level with minimal churn.
      Must have experience leading comparable external audits and certifications to help Magellan mature to the level of evidence collection and organization required to achieve successful results. Consulting experience is a plus.

      Must possess Certified Information Systems Auditor® (CISA®) and one of the following certifications:

      • Certified Information Security Manager (CISM)

      • Certified Information Systems Security Professional (CISSP)

      • GIAC Security Leadership Certification (SANS Institute) (GSLC)

      Experience in the following areas highly preferred:

      • Department of Defense Architecture Framework (DoDAF)

      • NIST SP 800-53 Framework and Risk Management Framework (RMF)

      • Successfully received an ATO for a contracted government program

      • Federal Risk and Authorization Management Program (FedRAMP) and FedRAMP+

      • HIPAA Security & Privacy Rules

      Responsibilities:

      • Responsible for achieving, overseeing, and managing the CMMC 2.0 certification

      • Responsible for managing activities associated with maintaining CMMC 2.0 certification

      • Responsible for developing and executing on a strategy to achieve CMMC 2.0 certification

      • Responsible for working with and advising individuals and groups on how CMMC 2.0 certification requirements and all the underlying frameworks and accreditations link to their areas of ownership.

      • Responsible for working with the leaders of the organization and other stakeholders to develop, prioritize, and document risk.

      • Acts as a subject matter expert on CMMC 2.0 certification process, provides guidance on potential solutions and mitigations.

      • Responsible for the end-to-end certification lifecycle, including engaging with internal and external assessors, evidence gathering and organization.

      • Responsible for partnering with senior leaders across Privacy, Compliance, GRC, and IT to align on strategic direction, risk mitigation, and priority identification.

      • Responsible for coaching other subject matter experts to develop creative solutions, identify points of risk and contention, influence solutions at the lowest level with minimal churn.

      • Support leadership in establishing annual and long-term goals, defining strategies, metrics, and reporting mechanisms as applicable to function.

      • Manage and ensure compliance with information security policies and procedures for activities within scope of role.

      • Assist in formalizing and updating security policies, procedures, and technical standards.

      • Recommend resource allocations required to securely operate and maintain an organization’s CMMC 2.0 certification.

      Other Job Requirements

      3+ years relevant Audit experience
      May substitute 2 or more relevant certifications for a year of experience.

      • Strong ability to influence without authority

      • Builds credibility through effective communication.

      • Demonstrated operational and technical skills relating to information security, audit, compliance, risk, complex program management and delivery

      • Demonstrated knowledge and experience with DoD authorizations (FedRAMP+, Cloud Computing Security Framework, GovCloud, etc.)

      • Demonstrated knowledge and experience with DoD regulations and information security frameworks (DFARS, NIST SP 800-53, 800-53A, 800-37, 800-171)

      • Ability to lead multi-disciplinary teams and matrix management to defined deadlines.

      • Ability to communicate and engage effectively with a diverse audience, including front line technical staff, non-technical staff, management, executives, and vendors/providers.

      This position manages a functional area within the office of the CISO and will take a practical and risk-based approach to manage, maintain, and deploy security solutions throughout the enterprise network. Contributes to the design, development and maintenance of the network security environment and architecture regarding data and voice communications to ensure efficient information flow in a secure systems environment. Promotes a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting the company to successfully meet its strategic goals. Manages a team or teams which may include Information Security Managers, Engineers and/or Analysts and is accountable for their team(s)’ performance in engineering, implementation, and maintenance of security processes and solutions throughout the enterprise according to policy and risk. Acts as champion to their team and other business units to promote a secure organization through positive knowledge sharing, training, influences, and conduct.
      • Responsible for the oversight and management of all elements of a functional area within assigned area of operations, including supervision and mentorship of the team.
      • Partner with Information Technology leaders to facilitate compliance with security guidance and guidelines related to their area of expertise/responsibility.
      • Support leadership in establishing annual and long-term goals, defining security strategies, metrics, and reporting mechanisms as applicable to your function.
      • Act as SME in the strategic sourcing process for acquiring infrastructure security assets and infrastructure services, including selection, negotiations, and contract finalization.
      • Manage and ensure compliance with information security policies and procedures for activities within scope of role.
      • Research emerging technologies in support of IT security enhancement and development efforts.
      • Assist in formalizing and updating security policies, procedures, and technical standards.
      • Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.

      Other Job Requirements

      Responsibilities

      8+ years of IT experience with 6+ in Information Security.
      May substitute 2 or more relevant certifications for a year of experience.
      Proven in-depth knowledge of network protocols and packet analysis tools such as TCPDUMP and Wireshark.
      Detailed knowledge of network- and host-based firewalls and intrusion prevention systems. Detailed knowledge of proxy servers, SSL inspection techniques, load balancers, reverse proxy servers, and web application firewalls.
      Proven ability to develop custom threat signatures in response to zero-day and emerging security threats. Strong consensus builder who builds credibility through targeted, accurate, and effective communication. Demonstrated operational and technical skills relating to information security.
      Detailed knowledge with security-related systems and applications, firewalls, packet analysis tools, intrusion detection/prevention, and web content filtering.
      Detailed digital forensics and eDiscovery skills and experience. Detailed knowledge of network infrastructure, including routers, switches, firewalls. Knowledge of information security publications (e.g., NIST 800-53, 53A, 37). Detailed knowledge of incident response, problem resolution, and vulnerability remediation. Detailed knowledge of automated security testing.
      Demonstrated ability to lead/manage direct reports and develop staff.
      Ability to lead multi-disciplinary teams and cross-functional management to defined deadlines.
      Ability to communicate and engage effectively with a diverse audience, including front line technical staff, non-technical staff, management, executives, and vendors/providers.
      Demonstrated in-depth knowledge of PCI, HITRUST, and/or other industry standards.
      Self-starter with the ability to lead tasks with demonstrated ability to work independently.
      Strong verbal and written communication skills with the ability to collaborate effectively with other groups.

      General Job Information

      Title

      Director, CMMC Compliance Management - Fully Remote

      Grade

      32

      Work Experience - Required

      Information Security, IT

      Work Experience - Preferred

      Education - Required

      Bachelors - Information Security. A combination of education and work experience may be considered.

      Education - Preferred

      Masters

      License and Certifications - Required

      CISSP - Certified Information Systems Security Professional - Enterprise

      License and Certifications - Preferred

      Salary Range

      Salary Minimum:

      $127,295

      Salary Maximum:

      $229,105

      This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law.

      This position may be eligible for short-term incentives as well as a comprehensive benefits package. Magellan offers a broad range of health, life, voluntary and other benefits and perks that enhance your physical, mental, emotional and financial wellbeing.

      Magellan Health, Inc. is proud to be an Equal Opportunity Employer and a Tobacco-free workplace. EOE/M/F/Vet/Disabled.
      Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their position; and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures.

About the company

      Magellan Health Inc., is an American for-profit managed health care company, focused on special populations, complete pharmacy benefits and other specialty areas of healthcare.
