Jobs · Information Technology · Pennsylvania

Cybersecurity Manager

Civil & Environmental Consultants, Inc. · Coraopolis, PA · 3 wk ago
Information TechnologyFull-time

About the role

The Cybersecurity Manager will lead the establishment and maturation of CEC's information security program, focusing on NIST CSF 2.0 alignment and CMMC Level 1 compliance.

Responsibilities

  • Lead the design, documentation, and implementation of CEC's enterprise cybersecurity program, using NIST CSF 2.0 as the guiding framework.
  • Conduct a comprehensive policy gap analysis, develop, publish, and maintain a complete set of cybersecurity policies, standards, and procedures, and drive adoption across all 35+ offices and business units.
  • Partner with the CIO, Legal, COO, and CEO to establish governance structures, define organizational risk tolerance, and align security investments with business objectives.
  • Create and maintain a formal cybersecurity roadmap with prioritized initiatives, measurable success metrics, and executive-level reporting.
  • Lead CEC's CMMC Level 1 compliance initiative, coordinating requirements across IT, operations, and legal to achieve successful annual self-attestation and SPRS submission by end of 2027.
  • Conduct and maintain a structured cybersecurity risk register; lead periodic risk assessments and develop actionable remediation plans.
  • Monitor the evolving regulatory and threat landscape relevant to the AEC industry and advise leadership on required responses.
  • Support internal and external audit activities related to information security and data protection.
  • Collaborate with Legal on data privacy obligations, contractual security requirements, and third-party data handling agreements.
  • Evaluate CEC's current security controls, tools, and processes; identify gaps and recommend improvements across on-premises, cloud (Microsoft Azure/M365), and hybrid environments.
  • Oversee a vulnerability management program including regular scanning, risk-based prioritization, and remediation tracking.
  • Develop, document, and exercise an incident response plan; lead tabletop exercises and post-incident reviews to strengthen organizational readiness.
  • Manage third-party and vendor risk assessments, ensuring security requirements are reflected in contracts and vendor management practices.
  • Design and deliver a company-wide security awareness and training program tailored to staff roles and risk profiles across all office locations.
  • Serve as CEC's primary cybersecurity subject matter expert and advisor to business units, project teams, and executive leadership.
  • Champion a culture of security awareness, shared accountability, and continuous improvement across the organization.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field; additional experience may be substituted.
  • 6+ years of progressive experience in cybersecurity or information security, with demonstrated experience building or maturing a formal security program within an enterprise environment.
  • Strong working knowledge of the NIST Cybersecurity Framework (CSF 2.0) and hands-on experience applying it in a real-world organizational context.
  • Working knowledge of CMMC Level 1 requirements, the FAR 52.204-21 basic safeguarding controls, and the annual self-attestation and SPRS submission process.
  • Experience conducting risk assessments, developing information security policies and standards, and managing vulnerability management programs.
  • Strong interpersonal, written, and oral communication skills; demonstrated ability to translate complex technical and regulatory concepts into clear, actionable guidance for executive and non-technical audiences.
  • Effective prioritization and project management skills with the ability to manage multiple concurrent initiatives with a high degree of autonomy.

Preferred

  • Relevant professional certifications CISSP, CISM, CRISC, or equivalent.
  • Familiarity with Microsoft security tools and other common solutions including Sophos MDR, Mimecast, Tenable IO, Microsoft Defender, Azure Security Center, Entra ID / Conditional Access, Purview, and M365 compliance features.
  • Experience working in or providing security services to a professional services, engineering, or AEC-sector firm.
  • Experience with the DoD’s SPRS system and CMMC ecosystem, including C3PAO relationships and third-party assessment readiness (relevant for future Level 2 aspirations).

Similar jobs

Cybersecurity Manager

Arbella Insurance GroupQuincy, MA· 1 wk ago
Information Technology$160k–$180k/yrapply on arbella.wd5.myworkdayjobs.com

Cybersecurity Manager

Work at CountyMarathon City, WI· 5 days ago
Information Technologyapply on ars2.equest.com

Cybersecurity Manager

Work at CountyBrookfield, WI· 5 days ago
Information Technologyapply on ars2.equest.com

Cybersecurity Manager

Jtec Industries, Inc. - Material Movement ExpertsLas Vegas, NV· 3 mo ago
Information Technologyapply on gc2it.isolvedhire.com

Cybersecurity Manager

JCS Solutions LLCBethesda, MD· 2 wk ago
Information Technologyapply on jcssolutions.applytojob.com

Cybersecurity Manager

Jet AviationWest Palm Beach, FL· 3 wk ago
Information Technologyapply on jobs.jetaviation.com