Cary, NC, US
CMMC Risk & Compliance Manager


Together, we own our company, our future, and our shared success.


As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.  


Company : Black & Veatch Corporation  

Req Id : 110197 

Opportunity Type : Staff 

Relocation eligible : No 

Full time/Part time : Full-Time  

Project Only Hire : No 

Visa Sponsorship Available: No 

Why Black and Veatch

Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day 1. 
Our hybrid environment allows you to balance your work and personal life. At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

The CMMC Risk & Compliance Manager will be responsible for ensuring the organization meets all requirements of the Cybersecurity Maturity Model Certification (CMMC) framework as mandated by the U.S. Department of Defense. In this role, the Compliance Manager will manage and maintain compliance activities related to Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Additionally, the Compliance Manager will plan and perform annual self-assessments, maintain the operational plan of action, execute the triennial certification process, assess the adequacy of existing controls, drive remediation efforts, and serve as the internal expert for CMMC compliance.

The Team

Black & Veatch’s Business Enablement consists of critical groups that help enable the organization's people, projects, and businesses to be as successful as possible. Functions in this group include Digital & Information Technology, Global Finance, Global Human Resources, Legal, Risk Management, Government Affairs, and Real Estate and Building Services.

Key Responsibilities

Develop, implement, and manage a compliance program aligned with organizational goals and contractual obligations related to Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
Coordinate and lead CMMC gap assessments, including annual self-assessments and third-party assessments (C3PAO).
Develop and maintain the policies, standards and procedures lifecycle; document processes, risks, exceptions and the operational action plan to the appropriate CMMC levels.
Maintain documentation, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and control implementation guidelines.
Work cross-functionally with D&IT team members, business team members, and Legal to ensure alignment with NIST 800-171 control requirements.
Ensure security and compliance controls are designed and operating effectively within the MS GCC High environment.
Monitor compliance dashboards and provide oversight on policy deviations, privileged access, systems hardening, data flow boundary monitoring, and security monitoring and response.
Partner with Physical Security and HR for user onboarding and access reviews.
Proactively monitor evolving DoD, DFARS and CMMC regulations, and conduct risk assessments through continuous monitoring and mitigation plans.
Oversee and evaluate supplier risk, including the compliance of contractors, sub-contractors and Joint Venture (JV) partners when CUI/FCI is shared with or processed by third parties.
Coordinate training and awareness programs for CUI handling, insider risk, and cybersecurity awareness.
Review and negotiate contracts and third-party agreements for security and compliance obligations.
Report on compliance posture metrics to leadership and stakeholders.

Management Responsibilities

Acts in the capacity of a "lead person." Does not have management responsibility for the people to whom they provide work direction.

Minimum Qualifications

Bachelor’s degree in Cybersecurity, Information Assurance or a similar field.
Minimum 7 years of experience in cyber security with a focus on GRC, IT audit and risk assessments.
U.S. citizenship required.
All applicants must be able to complete pre-employment onboarding requirements (if selected), which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Preferred Qualifications

Deep knowledge of NIST 800-171 and DFARS requirements.
At least one certification such as CMMC Certified Professional (CCP), CISA or CRISC.
Experience in developing security policies and procedures, self-assessments and third-party certification audits, supplier risk assessments, security awareness and phishing simulation, and other relevant GRC areas.
Experience developing or managing SSPs, POA&Ms and control documentation.
Action- and results-oriented, with the ability to overcome obstacles and work well under deadlines in a changing environment.
Experience in building and maintaining a CMMC Level 2 environment, FedRAMP Moderate, and DoD contract requirements.
Demonstrated experience applying security and compliance controls in Microsoft GCC High or DoD environments.
Experience with Microsoft security and compliance tools.
Knowledge of current threats and regulatory best practices in IT and OT security.
Effective communication and project management skills.


Assigned to projects for U.S. Government Agency/Department clients. Candidate must be a U.S. Citizen.

Work Environment/Physical Demands

Hybrid or flexible work options may be offered after the first 90 days of employment based upon manager discretion, job performance and work assignments.

Salary Plan ITS: Information Technology Service

Job Grade 007

Black & Veatch endeavors to make www.bv.com/careers accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at +1-913-359-1622 or via our accommodations request form. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.


Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.


Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.


To support a healthy work-life balance, we offer flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time.


A variety of additional benefits are available to our professionals, including a company-matched 401k plan, adoption reimbursement, tuition reimbursement, vendor discounts, an employment referral program, AD&D insurance, pre-taxed accounts, voluntary legal plan and the B&V Credit Union. Professionals may also be eligible for a performance-based bonus program.


We are proud to be a 100 percent ESOP-owned company. As employee-owners, our professionals are empowered to drive not only their personal growth, but the company's long-term achievements - and they share in the financial rewards of the success through stock ownership.


By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.


BVH, Inc., its subsidiaries and its affiliated companies comply with all Equal Employment Opportunity (EEO) laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender identity and expression, disability, veteran status, pregnancy status or other status protected by law.



Notice to External Search Firms: Black & Veatch does not accept unsolicited resumes and will not be obligated to pay a placement fee for unsolicited resumes. Black & Veatch Talent Acquisition engages with search firms directly for hiring needs.