IT Security & Compliance Manager

IT Security & Compliance Manager

We are seeking an IT Security & Compliance Manager to oversee, maintain, and defend our digital infrastructure while strictly enforcing federal cybersecurity requirements. In this role, you will own our compliance posture, ensuring full alignment with NIST SP 800-171, DFARS View phone number on click.appcast.io, and CMMC Level 2.

The ideal candidate bridges the gap between technical execution and regulatory governance. You will be responsible for managing security operations, maintaining our System Security Plan (SSP), closing Plan of Action and Milestones (POA&M) items, and preparing the organization for a formal third-party CMMC assessment.

Key Responsibilities

• CMMC & NIST Governance: Own, update, and enforce the System Security Plan (SSP) and Plan of Action and Milestones (POA&M). Ensure all 110 practices of NIST SP 800-171 are fully implemented and auditable.
• Infrastructure Security Oversight: Oversee the security posture of our technical stack, ensuring secure configurations across firewalls, Endpoint Detection and Response (EDR), Remote Monitoring and Management (RMM), and cloud environments.
• Cloud & Tenant Security: Manage data enclave boundaries and security policies, specifically optimizing and maintaining a Microsoft 365 GCC High environment to prevent CUI spillage.
• Data Flow & CUI Management: Map, audit, and control the flow of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) across all internal and external systems.
• Incident Response & DFARS Reporting: Lead the incident response team. Ensure full compliance with DFARS View phone number on click.appcast.io, including rapid reporting of cyber incidents to the DoD Cyber Crime Center (DC3) within 72 hours.
• Vulnerability & Patch Management: Conduct regular internal audits, vulnerability scans, and risk assessments. Prioritize and remediate vulnerabilities across servers, endpoints, and network devices.
• Vendor & Supply Chain Risk: Evaluate subcontractors and third-party vendors to ensure they meet mandatory DFARS flow-down requirements.

Required Skills & Qualifications

Compliance & Regulatory Expertise:

• Deep, practical knowledge of NIST SP 800-171, NIST SP 800-53, DFARS View phone number on click.appcast.io, and CMMC Level 2 requirements.
• Proven experience writing, editing, and maintaining institutional IT policies, SSPs, and technical restoration playbooks.
• Experience navigating formal external IT audits or third-party assessments (C3PAO).

Technical Environment Experience:

• Strong background managing enterprise firewalls and network segmentation.
• Hands-on experience with modern EDR platforms and centralized RMM tools for patch deployment and monitoring.
• Deep familiarity with Microsoft 365 GCC High tenant administration, including data classification and sensitivity labels.
• Familiarity with secure file migration, data backup architectures, and Disaster Recovery (DR) execution.

Education & Experience Requirements:

• Education: Bachelor's degree in Cybersecurity, Computer Science, IT Management, or a related technical field (equivalent practical experience considered).
• Experience: 5+ years of experience in IT systems administration or cybersecurity, with at least 2 years directly managing compliance frameworks within the DoD supply chain.
• Citizenship: Must be a U.S. Citizen (required for accessing/managing CUI/ITAR-regulated data).
• Certifications (Highly Desired):
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
  • CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA).
  • CompTIA Security+ or CySA+ (minimum baseline).