JOB DETAILS

IT Security & Compliance Manager

Company: Complete Turbine Services
Location: Coral Springs
Work Mode: On Site
Posted: June 5, 2026
About The Company
CTS Engines is a leading provider of world-class jet engine maintenance, repair, and overhaul services. CTS specializes in the test, repair, and overhaul of the CF6-50, CF6-80A, CF6-80C2, CF6-80E1, PW2000 and GP7200. Utilizing state-of-the-art facilities, cutting-edge technologies, and a highly skilled workforce, CTS Engines offers comprehensive solutions tailored to meet specific needs.
About the Role

Description

  

Position Overview

We are seeking an IT Security & Compliance Manager to oversee, maintain, and defend our digital infrastructure while strictly enforcing federal cybersecurity requirements. In this role, you will own our compliance posture, ensuring full alignment with NIST SP 800-171, DFARS 252.204-7012, and CMMC Level 2.


The ideal candidate bridges the gap between technical execution and regulatory governance. You will be responsible for managing security operations, maintaining our System Security Plan (SSP), closing Plan of Action and Milestones (POA&M) items, and preparing the organization for a formal third-party CMMC assessment.


Key Responsibilities

  • CMMC & NIST Governance: Own, update, and enforce the System Security Plan (SSP) and Plan of Action and Milestones (POA&M). Ensure all 110 practices of NIST SP 800-171 are fully implemented and auditable.
  • Infrastructure Security Oversight: Oversee the security posture of our technical stack, ensuring secure configurations across firewalls, Endpoint Detection and Response (EDR), Remote Monitoring and Management (RMM), and cloud environments.
  • Cloud & Tenant Security: Manage data enclave boundaries and security policies, specifically optimizing and maintaining a Microsoft 365 GCC High environment to prevent CUI spillage.
  • Data Flow & CUI Management: Map, audit, and control the flow of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) across all internal and external systems.
  • Incident Response & DFARS Reporting: Lead the incident response team. Ensure full compliance with DFARS 252.204-7012, including rapid reporting of cyber incidents to the DoD Cyber Crime Center (DC3) within 72 hours.
  • Vulnerability & Patch Management: Conduct regular internal audits, vulnerability scans, and risk assessments. Prioritize and remediate vulnerabilities across servers, endpoints, and network devices.
  • Vendor & Supply Chain Risk: Evaluate subcontractors and third-party vendors to ensure they meet mandatory DFARS flow-down requirements.

Requirements

  

Required Skills & Qualifications


Compliance & Regulatory Expertise:

  • Deep, practical knowledge of NIST SP 800-171, NIST SP 800-53, DFARS 252.204-7012, and CMMC Level 2 requirements.
  • Proven experience writing, editing, and maintaining institutional IT policies, SSPs, and technical restoration playbooks.
  • Experience navigating formal external IT audits or third-party assessments (C3PAO).

Technical Environment Experience:

  • Strong background managing enterprise firewalls and network segmentation.
  • Hands-on experience with modern EDR platforms and centralized RMM tools for patch deployment and monitoring.
  • Deep familiarity with Microsoft 365 GCC High tenant administration, including data classification and sensitivity labels.
  • Familiarity with secure file migration, data backup architectures, and Disaster Recovery (DR) execution.

Education & Experience Requirements

  • Education: Bachelor’s degree in Cybersecurity, Computer Science, IT Management, or a related technical field (equivalent practical experience considered).
  • Experience: 5+ years of experience in IT systems administration or cybersecurity, with at least 2 years directly managing compliance frameworks within the DoD supply chain.
  • Citizenship: Must be a U.S. Citizen (required for accessing/managing CUI/ITAR-regulated data).
  • Certifications (Highly Desired):
    • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
    • CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA).
    • CompTIA Security+ or CySA+ (minimum baseline).
Key Skills
NIST SP 800-171, CMMC Level 2, DFARS 252.204-7012, System Security Plan (SSP), Plan of Action and Milestones (POA&M), Microsoft 365 GCC High, Incident Response, Vulnerability Management, Network Segmentation, EDR, RMM, CUI Management, Risk Assessment, IT Governance, Audit Preparation, Firewall Management
Categories
Security & Safety, Technology, Management & Leadership, Government & Public Sector, Software
Job Information
Core Responsibilities: Oversee and defend digital infrastructure while ensuring strict compliance with NIST, DFARS, and CMMC Level 2 requirements. Manage security operations, maintain the System Security Plan, and lead incident response and vulnerability remediation efforts.
Job Type: full time
Experience Level: 5-10
Company Size: 244
Visa Sponsorship: No
Language: English
Working Hours: 40 hours