Head of IT Security & Compliance

What You Will Do:

This role is responsible for maintaining and evolving our IT Security posture and leading the strategy for establishing, implementing, and managing a comprehensive IT security and compliance program that aligns with industry best practices and regulatory requirements. The successful candidate will be instrumental in safeguarding Korry's information assets and ensuring our continued ability to serve our defense industry customers. The role ensures our systems and data are secure and that we fully comply with

CMMC, NIST SP

800-171, and DFARS. The role oversees Korry cybersecurity posture and how we are able to articulate our compliance with the various regulatory requirements for the Company. This role offers the opportunity to collaborate closely with cross-functional teams, implement strategic security solutions tailored to our unique manufacturing and engineering needs, and uphold the highest industry standards and compliance practices.

Primary Responsibilities:

Security Program Development & Implementation:

Evaluate current posture and make it into a robust IT security program, incorporating people, process, and technology controls to protect Korry's sensitive data and systems

Compliance Leadership:

Lead Korry's efforts to achieve and maintain compliance with critical cybersecurity frameworks and regulations, including: Cybersecurity Maturity Model Certification (CMMC): Drive Korry's CMMC readiness and certification efforts, ensuring all controls and documentation are in place. NIST Special Publication 800-171: Ensure full adherence to

NIST SP 800-171

requirements for protecting Controlled Unclassified Information (CUI) Defense Federal Acquisition Regulation Supplement (DFARS): Oversee compliance with DFARS clauses related to cybersecurity

Audit Management:

Manage and oversee monthly and quarterly IT audits, focusing on critical business systems such as our Enterprise Resource Planning (ERP) system, to identify vulnerabilities, assess control effectiveness, and ensure data integrity

Risk Management:

Develop and implement a comprehensive IT risk management framework, including risk assessments, mitigation strategies, and incident response planning.

Policy & Procedure Development:

Create, update, and enforce IT security policies, standards, and procedures across the organization.

Security Awareness Training:

Develop and deliver ongoing security awareness training programs for all employees to foster a security-conscious culture.

Vulnerability Management:

Establish and manage a robust vulnerability management program, including regular scanning, penetration testing, and remediation activities

Security Incident Response:

Develop, implement, and test an effective security incident response plan to minimize the impact of security breaches.

Vendor Security Management:

Assess and manage the security posture of third-party vendors and service providers.

Reporting:

Provide regular updates and reports to the Head of IT and senior leadership on the status of the security and compliance program, identified risks, and remediation efforts.

Stay Current:

Continuously monitor the evolving threat landscape, cybersecurity trends, and regulatory changes to ensure Korry's security posture remains robust and compliant. Performs special projects/tasks as assigned. Preferred Education Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Exceptional candidates with equivalent practical experience and a proven track record will also be strongly considered Preferred Experience 10+ years of progressive experience in IT security and compliance roles, with at least 3-5 years in a leadership or management position. Proven experience in building and maturing IT security programs at an enterprise level. Experience managing and conducting IT audits, particularly for ERP and other critical business systems. Preferred Specialized Skills and Abilities Solid understanding of IT security best practices, vulnerability management, and compliance regulations (ITAR, CMMC, NIST, etc.) Strong understanding of various security frameworks and standards (e.g., ISO 27001) Certifications such as CISSP, CISM, GSEC, CompTIA Security+ Experience working in an aerospace or defense industry environment Knowledge of database administration (SQL, Oracle, etc.) Experience working with the following:

EDR/XDR, SIEM, IDS/IPS, DLP

Physical Requirements:

Frequent use of personal computers, database and digital platforms, and other office productivity machinery, such as copy machines and computer printers. Frequently uses hands, fingers, and arms to reach, handle, touch or feel equipment, materials, and computer. The person in this position needs to frequently move inside the office Frequent close vision and the ability to adjust focus. Occasionally use of steps, or ladder. The employee must occasionally lift and/or move up to 50 pounds.

Salary Range:

Please note the typical hiring range is $153,000 - $207,000 yearly. Job offers within the range are based on significant job qualifications and pay equity.

Korry Electronics Competitive Benefits Package:

401(k) matching 12 paid holidays Minimum of three weeks paid time off plus one week paid sick time to start Comprehensive Medical, Dental and Vision Health Savings Account (HSA) with generous company contribution Flexible Spending Accounts (FSA) Tuition reimbursement Parental leave Short term and long term disability Life insurance Accidental death & dismemberment insurance Long-term care plan options Prescription safety shoe & glasses benefit Vanpool subsidy Recognition awards Employee referral bonuses EAP (Employee Assistance Program) Eligible candidates must be authorized to work in the U.S. This position requires access to export control information. To conform to US Export Control regulations, applicant should be eligible for any required authorizations from the US Government. Korry Electronics is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of age, race, color, religion, sex, sexual orientation, gender identity or expression, medical condition, national origin, marital status, disability, pregnancy or parental status, childbirth, genetic information, or military and veteran status.