CMMC Compliance Manager / ISSO

Job Description Summary We are seeking a highly motivated and detail-oriented CMMC Compliance Manager to ensure that our activities comply with the Cybersecurity Maturity Model Certification (CMMC) standards. The CMMC Compliance Manager will play a critical role in maintaining and enhancing our cybersecurity posture, ensuring that all processes, systems, and personnel meet the rigorous CMMC requirements. This role will also assume the duties of an Information System Security Officer (ISSO), focusing on ensuring the security, compliance, and authorization of critical federal agency information systems. Roles and Responsibilities Develop and implement CMMC compliance strategies and policies to ensure that all activities meet CMMC standards. Conduct regular audits and assessments to identify and mitigate cybersecurity risks and vulnerabilities. Collaborate with cross‑functional teams, including IT, legal, and project management, to ensure CMMC compliance across all projects and initiatives. Provide training and guidance to employees on CMMC requirements and best practices. Stay current with CMMC updates and industry trends and advise leadership on necessary adjustments to compliance strategies. Prepare and maintain documentation required for CMMC certification and audits. Work with external auditors and certification bodies to facilitate CMMC assessments and certifications. Develop and maintain a CMMC compliance program that aligns with GE Vernova’s overall cybersecurity strategy. Ensure compliance with all applicable U.S. Government security regulations for information systems and networks under the NIST Risk Management Framework (RMF) process in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM). Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance standards and regulations. Conduct regular security audits and assessments. Prepare, modify, and review system security plans (SSP). Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms). Required Qualifications Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master’s degree is a plus. Professional certification in CMMC (e.g., CMMC Registered Practitioner, CMMC Provisional Assessor) is required. Minimum of 6‑7 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800‑171, ISO 27001). Minimum of 6‑7 years of experience in project management. PMP Certification preferred. Strong understanding of cybersecurity principles, risk management, and compliance frameworks. Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams. Strong analytical and problem‑solving skills, with the ability to identify and mitigate cybersecurity risks. Familiarity with federal cybersecurity regulations and standards, particularly those relevant to the defense industries. Ability to maintain a U.S. security clearance. Knowledge of security technologies, such as CCTV systems, access control systems, and cybersecurity tools. Desired Characteristics Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800‑171 and DFARS. Familiarity with FAR, DFARS, ITAR, and EAR regulations and how they apply to CUI handling. Experience developing and overseeing CUI programs to ensure compliance with federal regulations. An active U.S. security clearance. IAT Level II certification. Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS). Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), classified computer operations, and experience with the technical configuration requirements for various operating systems. Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational), within RMF packages. This role requires access to U.S. export‑controlled information. If applicable, final offers will be contingent on ability to obtain authorization for access to U.S. export‑controlled information from the U.S. Government. Additional Information Pay range: $99,300.00 – $165,600.00. Geographic differential of 110%, 120%, or 130% of salary in certain areas. Relocation assistance provided: Yes. Benefits: Medical, dental, vision, and prescription drug coverage Health Coach from GE Vernova, a 24/7 nurse‑based resource Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services Retirement benefits including GE Vernova Retirement Savings Plan, a tax‑advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants Tuition assistance Adoption assistance Paid parental leave Disability benefits Life insurance 12 paid holidays Permissive time off GE Vernova will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Equal Opportunity Employer Statement GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. #J-18808-Ljbffr IF1868 GE Energy Power Conversion Naval Systems Inc.