CMMC Compliance Manager / ISSO

Job Description Summary We are seeking a highly motivated and detail-oriented CMMC Compliance Manager to ensure that our activities comply with the Cybersecurity Maturity Model Certification (CMMC) standards. The CMMC Compliance Manager will play a critical role in maintaining and enhancing our cybersecurity posture, ensuring that all processes, systems, and personnel meet the rigorous CMMC requirements. This role will also assume the duties of an Information System Security Officer (ISSO), focusing on ensuring the security, compliance, and authorization of critical federal agency information systems. Job Description Roles and Responsibilities Develop and implement CMMC compliance strategies and policies to ensure that all activities meet CMMC standards. Conduct regular audits and assessments to identify and mitigate cybersecurity risks and vulnerabilities. Collaborate with cross-functional teams, including IT, legal, and project management, to ensure CMMC compliance across all projects and initiatives. Provide training and guidance to employees on CMMC requirements and best practices. Stay current with CMMC updates and industry trends and advise leadership on necessary adjustments to compliance strategies. Prepare and maintain documentation required for CMMC certification and audits. Work with external auditors and certification bodies to facilitate CMMC assessments and certifications. Develop and maintain a CMMC compliance program that aligns with GE Vernova’s overall cybersecurity strategy. Ensure compliance with all applicable U.S. Government security regulations for information systems and networks under the NIST Risk Management Framework (RMF) process in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM). Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance standards and regulations. Conduct regular security audits and assessments. Prepare, modify and review system security plans (SSP). Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms). Required Qualifications Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master’s degree is a plus. Professional certification in CMMC (e.g., CMMC Registered Practitioner, CMMC Provisional Assessor) is required. Minimum of 6-7 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800-171, ISO 27001). Minimum of 6-7 years of experience in project management; PMP Certification preferred. Strong understanding of cybersecurity principles, risk management, and compliance frameworks. Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams. Strong analytical and problem‑solving skills, with the ability to identify and mitigate cybersecurity risks. Familiarity with federal cybersecurity regulations and standards, particularly those relevant to the defense industries. Ability to maintain a U.S. security clearance; U.S. citizenship is required to qualify for clearance. Knowledge of security technologies, such as CCTV systems, access control systems, and cybersecurity tools. Desired Characteristics Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800-171 and DFARS. Familiarity with FAR, DFARS, ITAR, and EAR regulations and how they apply to CUI handling. Experience developing and overseeing CUI programs to ensure compliance with federal regulations. An active U.S. security clearance. IAT Level II certification. Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS). Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), classified computer operations, and experience with the technical configuration requirements for various operating systems. Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational) within RMF packages. Additional Information GE Vernova is an equal opportunity employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. Relocation assistance: Yes Pay and Benefits Pay range: $99,300.00 – $165,600.00. Geographic differential of 110%–130% of salary in certain areas. Bonus eligibility: ineligible. Benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach and a 24/7 nurse-based resource; the Employee Assistance Program; retirement benefits with a 401(k) matching contribution and company retirement contributions; tuition assistance; adoption assistance; paid parental leave; disability benefits; life insurance; 12 paid holidays; permissive time off. #J-18808-Ljbffr GE Vernova