**At Oshkosh, we build, serve and protect people and communities around the world by designing and manufacturing some of the toughest specialty trucks and access equipment. We employ over 18,000 team members all united by a common purpose. Our engineering and product innovation help keep soldiers and firefighters safe, is critical in building and keeping communities clean and helps people do their jobs every day.** **JOB SUMMARY:** Oshkosh Corporation designs and builds mission-critical vehicles and technology for defense, municipal and commercial customers worldwide. Protecting the confidentiality, integrity and availability of our information assets is foundational to that mission. You will be part of our cybersecurity-compliance program—guiding teams to through **CMMC, UK Cyber Essentials, PCI DSS and other regulatory certifications** —and serve as the expert who turns requirements into pragmatic, risk-based controls. **WORK LOCATION** This position follows Oshkosh Corporation’s hybrid work model, with **three days in-office** **and** **two days remote** each week. The preferred location for this role is at our **Global Headquarters in Oshkosh, WI** , with relocation assistance available for candidates who are not local. However, we are also open to candidates based out of the following U.S. office locations: + McConnellsburg, PA + Hagerstown, MD + Orlando, FL **ESSENTIAL DUTIES AND RESPONSIBILITIES:** These duties are not meant to be all-inclusive, and other duties may be assigned. + Participate in or lead Cybersecurity compliance efforts across the organization, including preparation for, scheduling, and leading assessments (e.g. CMMC). + Translate Cybersecurity control requirements into system level configurations and interpret system security capabilities for compliance requirements. + Prepare reports detailing policy, standard, process, and control gaps related to compliance requirements and provide remediation recommendations. + Work with management as the subject matter expert to develop program budgets and associated projects. Coordinate with IT and business regional leads to develop or modify compliance plans and strategies for different cultures, nationalities, and languages. + Experience leading or conducting IT audits including the ability to distill technical data down to stakeholder understanding in non-technical means. Keep informed on the latest research, trends, and developments in all regulatory compliance areas. + Serve as a trusted advisor to business functional areas (e.g., Finance, HR, Engineering) and/or internal IT resources (such as infrastructure, apps, IT services.). + Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Maintain expert awareness of all aspects of information security and compliance, including PCI, and SOC requirements for information systems and industry best practices, such as, NIST 800-53, 800-171, 172. + Contribute to the development and maintenance of the Cybersecurity strategy. **MINIMUM QUALIFICATIONS:** + Bachelor’s degree in Cybersecurity, Information Systems, Communications, Computer Science or equivalent. + Six (6) or more years of experience in cybersecurity including direct involvement with regulatory or framework compliance (CMMC, NIST 800-171, PCI, ISO 27001, SOC2, FAR, DFARS, etc.) **PREFERRED QUALIFICATIONS:** + Graduate degree in Cybersecurity, Information Systems, Management or equivalent. + Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+, SSAP, etc.) + In-depth Knowledge and experience with regulatory compliance models (NIST, HIPAA, PCI, ISO, etc.). + Hands-on design or operations background in at least one DT domain (infrastructure, cloud, or application development). + Demonstrated knowledge of security controls for network, applications, and operating systems. + Demonstrated conceptual, analytical, and innovative problem-solving and evaluative skills. + Experience communicating conceptual and technical information both verbally (on phone, one-on-one, to groups) and in writing (emails, letters, reports, presentations) to various audiences (work group, team, company management, external clients). + Experience with projects or issues of high complexity that require in-depth knowledge across multiple technical areas and lines of business. + Experience conducting or leading IT audits. + Hold an active or can obtain a U.S. Government Secret level or above clearance. + Experience drafting information security policies, procedures, and standards. + Experience testing effectiveness and adherence of cybersecurity controls. + Translate complex contractual and regulatory requirements into actionable information system configurations. + Experience collaborating in cross-functional work environments. **BASIC COMPETENCIES:** + **Internal Contacts:** Contact with employees or others primarily at a routine level involving basic information exchange; Contact with peers and others involving explanation of information (these contacts may be within or outside department or division), and the gathering of factual information; may include the communication of sensitive or confidential information; Contact across departments or divisions with employees involving persuasion of others, absent formal authority, to conform to a policy interpretation or recommend course of action. + **External Contacts:** External contact involving a requirement to maintain a continuing external working relationship with individuals, or organizations. + **Communication Skills:** Read, write, and comprehend simple instructions, short correspondence and memos; Read and interpret safety rules, operating/maintenance instructions and procedure manuals; Write routine reports, correspondence and speak effectively before both internal and external groups; Read, analyze and interpret business manuals, technical procedures and/or government regulations. + **Decision-Making:** Regularly makes decisions of responsibility, involving evaluation or information. Decisions may require development or application of alternatives or precedents. + **Complexity, Judgment and Problem Solving:** Typically difficult or complex work. Generally governed by broad instructions and objectives usually involving frequently changing conditions and problems. + **Supervisory/Managerial:** General instructing, scheduling, and reviewing the work of others performing the same or directly related work. Acts as “lead worker”. Job functional supervision only. **WORKING CONDITIONS:** + **Physical Demands:** Frequent Sitting, Hearing, Talking, Visual, Typing, Manual Dexterity. Seldom Standing, Walking/Running, Reaching, Driving, Bending/Kneeling, Fine Dexterity, Upper Extremity Repetitive Motion, Lifting/Carrying 40lbs., Pushing/Pulling 40lbs. + **Non-Physical Demands:** Frequent Analysis/Reasoning, Communication/Interpretation, Math/Mental Computation, Reading, Sustained Mental Activity (i.e. auditing, problem solving, grant writing, composing reports), Writing. + **Environmental Demands:** Occasional Work Alone. Seldom Frequent Task Changes, Tedious/Exacting Work. + **Work Schedule** **:** Routine shift hours. Infrequent overtime, weekend, or shift rotation. + **Demands/Deadlines:** Occasional stress due to deadlines or workload because of intermittent or cyclical work pressures, or occasional exposure to distressed individuals within the immediate work environment. \#LI-VR **Pay Range:** $115,600.00 - $196,400.00 The above pay range reflects the minimum and maximum target pay for the position across all U.S. locations. Within this range, individual pay is determined by various factors, including the scope and responsibilities of the role, the candidate's experience, education and skills, as well as the equity of pay among team members in similar positions. Beyond offering a competitive total rewards package, we prioritize a people-first culture and offer various opportunities to support team member growth and success. Oshkosh is committed to working with and offering reasonable accommodation to job applicants with disabilities. If you need assistance or an accommodation due to disability for any part of the employment process, please contact us at corporatetalentacquisition@oshkoshcorp.com. Oshkosh Corporation is a merit-based Equal Opportunity Employer. Job opportunities are open for application to all qualified individuals and selection decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, or other protected characteristic. To the extent that information is provided or collected regarding categories as provided by law it will in no way affect the decision regarding an employment application. Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Oshkosh Corporation's legal duty to furnish information. Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.