We are seeking a highly motivated and detail-oriented IT Security Program Manager to lead the organization's compliance and cybersecurity initiatives, ensuring alignment with CMMC and NIST standards. This role requires a strategic leader with hands-on capability to drive compliance programs, manage remediation efforts, and collaborate across diverse business units. The IT Security Program Manager will play a critical role in maintaining and enhancing our cybersecurity posture, ensuring that all processes, systems, and personnel meet the rigorous security program requirements.
Key Responsibilities
Develop, implement, and oversee the organization's IT security compliance program.
Lead and execute efforts to achieve and maintain compliance with NIST and NIST standards.
Hands-on execution for CMMC readiness activities, including policy updates, control assessments, and remediation efforts.
Collaborate and engage actively with cross-functional teams to secure buy-in and ensure program success.
Own and deliver project timelines, deliverables, and reporting for compliance initiatives.
Utilize GRC platforms for control tracking, risk management, and reporting.
Conduct IT control assessments and ensure audit readiness.
Support IT operations in a Windows environment and GCC-High configuration.
Provide training and guidance to employees on security program requirements and best practices.
Work with external auditors to facilitate assessments and certifications.
Must Have Requirements
Minimum 7 years leading compliance programs in IT security.
Proven ability to manage complex projects with exceptional organizational skills.
Demonstrated experience performing tasks across the compliance program.
Extensive experience collaborating with diverse business units and securing executive buy-in.
Demonstrated success in achieving compliance program strategy for an organization.
Extensive experience evaluating IT controls against NIST and/or NIST frameworks.
Security Clearance : Must be able to pass a basic government suitability check (US Citizenship required).
Preferred Requirements
CISSP and/or CISA certifications (or related certification)
Experience with IT operations and administration in Windows environments.
Experience with Microsoft GCC-High environments.
Proficiency in GRC platforms for compliance management.
Experience leading, tracking, and reporting on remediation efforts.
Familiarity with DFARS and ITAR regulations and how they apply to CUI handling.
Experience developing and overseeing CUI programs to ensure compliance with federal regulations.
Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS).
What's In It For You
This role offers the opportunity to lead and shape the cybersecurity and compliance foundation of a federal-focused firm. You will work alongside experienced professionals, influence enterprise-wide security strategy, and play a key role in supporting the firm's mission-critical work with government clients.
Castro Puerto Rico is a Professional Services Center headquartered in San Juan, Puerto Rico, delivering advisory, accounting, and audit support services to Federal Government clients. We are dedicated to assisting our clients to accomplish their strategic goals while providing our people with a diverse and inclusive environment to thrive and succeed.
Castro Puerto Rico is an Equal Opportunity Employer and considers all qualified applicants without regard to color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability, and any other classification protected by law.
Show more Show less