IT Security Project Manager in Santa Ana, CA at Ducommun

Date Posted: 1/4/2021

Job Snapshot

Job Description

IT Security Project Manager

Job Description

Will consider remote work / work from home during COVID; afterwards prefer and may require onsite support based out of any of the company performance centers - preferably Southern California locations: Santa Ana, Monrovia or Carson.

The IT Security Project Manager will provide cybersecurity expertise. This will be a hands on project management role which will require technical tasks as well as managing and implementing processes and procedures to ensure security priorities and compliance objectives are met. This position may supervise others.

Security / Compliance Assessments:

•         Assess compliance with standards such as NIST SP 800-171, CMMC.

•         Review system security documentation in order to identify potential security weaknesses, and recommend improvements to amend vulnerabilities.

•         Conduct gap analyses to analyze cyber requirements, develop action plans for corporate compliance, coordinate and execute implementation of requirements, and use Security Technical Implementation Guide (STIG) components to improve the security of Department of Defense (DoD) or Defense Supply Chain (DSC) information systems.

•         Provide clear and concise summaries of progress, issues, and steps taken to address issues.

•         Interact regularly with stakeholders and operations leaders to determine their needs and develop plans for improving delivery.

•         Apply and monitor Risk Management Framework Assessment and Authorization requirements.

      •         Prepare and manage to Plans of Action & Milestones (POA&Ms) to demonstrate progress toward or compliance with information/cyber security requirements, including detailed justifications for program-required non-compliant items.

Project Management:  

•         Act as the point of contact on assigned projects.  

•         Manage information security projects related to CMMC, DFARS and NIST through the project life cycle, including the development of project plans/schedules, scope, budgets, resources, schedule, deliverables, quality, risk.

•         Ability to articulate and communicate the need for change and know when and how to convey complex technical concepts based on the audience

•         Identify and document key milestone dates.

•         Identify and document product development and delivery requirements.

•         Document subproject dependencies, including dependencies between product development and delivery.

•         Resolve or assist in resolving conflicts within and between projects or functional areas.

•         Coordinate with stakeholders, functional or operation leaders as necessary over the course of the project.

•         Track project status and identify potential issues and risks that may impact completion dates or that may require corrective action.

•         When required, coordinate in-progress reviews with project and management staff and provide written summaries of the outcomes.

      •         Adhere to quality assurance and internal compliance procedures in project implementation.

Policy / Process / Procedures:

•         Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POAMs), and Risk assessment Reports.

•         Collect information from a variety of written and oral communications to document requirements.

•         Develop and maintain policies and documentation related to Cyber Security and Compliance required for government projects (including DoD).

•         Disseminate and educate internal and external users on Cyber Security policies and processes.

      •         Partner with other functional groups such as Internal Audit, Human Resources, IT Operations / Applications, etc. to align all policies with a common goal and focus.

Management of Resources:

•         Manage internal and outsourced IT resources as well as developing and implementing internal IT strategy to support short and long term objectives

•         Understand technical challenges, provide technical guidance to team, assign and allocate resources accordingly to address challenges in a timely manner and ensure technical quality.

•         Set clear expectations and requirements for each team member and ensure accountablilty to Ducommun Core Values, annual company performance goals and individual goals and objectives.

      •         Recognize and reward subordinates; project team members and others within the organization when appropriate.

Knowledge, Trends and Security Concerns:

•         Maintain a strong and current comprehension of Information Security practices including identifying risks, emerging cyber security threats, and risk mitigation processes.

•         Stay current with security threat trends and attacks ensuring internal systems have the appropriate infrastructure to avoid threats and attacks.

      •         Ensure security team remains educated and informed with changing security requirements, evolution of security and cyber threats and certified as required for skills needed to perform their job. 



Skills & Qualifications

Required Education and Experience

•         Bachelor’s Degree in IT or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience

•         3-5 Years of progressive experience in IT Systems, Cyber Security and/or IT Solutions Management.

•         2+ Years of IT audit experience

      •         3-5 Years Management or Supervisory Experience preferred

Required Licenses / Certifications

•         Project Manager Professional (PMP) or equivalent training preferred

•         CISSP or equivalent training preferred

      •         Security + or equivlent/certification and training 

Required Knowledge, Skills and Capabilities

•         Knowledge and/or experience with the NIST 800-171 Defense Federal Acquisition Regulation Supplement (DFARS) and the Cybersecurity Maturity Model Certification (CMMC)

•         Cloud Security Experience (AWS, Office 365)

•         Familiarity with PCI, ISO, SOX, NIST 800-171/53, CMMC, and FedRAMP frameworks as well as other related compliance standards on IT projects.

•         Familiarity with network security, continuous monitoring, system auditing, and security policy development.

•         Ability to challenge the status quo.

•         High energy and ability to manage multiple projects and deadlines

•         Ability to communicate complex technical data and concepts to all levels of the organization

•         Ability to be decisive and make tough decisions

•         Ability to lead with People First / Strategy Second focus

•         Ability to manage and lead with transparency, strong ethical standards, integrity and quality. Good social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences.

•         Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.

      •         Manage multiple projects concurrently.


Equal Opportunity Employer Veterans/Disabled


200 E. Sandpointe, Suite 700
Santa Ana, California, 92707
United States

Equal Opportunity Employer Veterans/Disabled