CMMC Compliance Program Manager

Varda Space Industries
El Segundo, CA
$145,000 - $175,000
Onsite

About The Position

We are hiring a CMMC Compliance Program Manager to own and drive our CMMC Level 2 certification effort and sustain our compliance posture beyond it. This is the central role in our security organization's compliance function — responsible for translating regulatory requirements into executable controls, coordinating across our security and IT organizations, and delivering a successful C3PAO assessment. This is a hands-on, high-accountability role reporting directly to the CISO. You will work closely with our InfoSec Engineer, Security Operations Analyst, IT Director, and our external partners including our C3PAO and our managed SOC and RPO provider (SysARC). You are the person who ensures nothing falls through the cracks between now and certification — and who keeps us audit-ready permanently after.

The Immediate Mission

Our C3PAO assessment is scheduled for August. You will own getting us there:

  • Take full ownership of the System Security Plan (SSP) — documenting how all 110 NIST 800-171 practices are implemented across our environment
  • Build and maintain the Plan of Action & Milestones (POA&M) for any gaps, with realistic remediation timelines
  • Coordinate evidence artifact collection from our InfoSec Engineer, the IT Director's team, and HR — ensuring every practice has supporting documentation
  • Manage the day-to-day relationship with SysARC as our RPO — driving deliverables, validating their work products, and integrating their outputs into our evidence packages
  • Interface directly with our C3PAO as the primary point of contact for scheduling, pre-assessment requests, and assessment coordination
  • Run a pre-assessment readiness review before the formal C3PAO engagement to identify and close remaining gaps

Requirements

  • 5+ years in GRC, compliance, or security program management roles
  • Direct, hands-on experience with CMMC Level 2 — either as a primary GRC lead in a C3PAO assessment, or as an RPO practitioner supporting a Level 2 implementation
  • Demonstrated ability to write and maintain a System Security Plan (SSP) and POA&M against NIST 800-171
  • Experience managing evidence collection programs for compliance audits — organizing artifacts, tracking gaps, and coordinating across departments
  • Comfortable working in a lean organization where you own your domain without dedicated staff below you
  • Experience interfacing with external auditors or assessors as an organizational point of contact
  • Familiarity with the GovCon or defense industrial base compliance environment

Nice To Haves

  • Participated in a successful CMMC Level 2 C3PAO assessment as the primary compliance lead or assessment coordinator
  • Registered Practitioner (RP) credential from the CMMC-AB, or experience working embedded within an RPO
  • Hands-on familiarity with one or more tools in our stack: CrowdStrike, Zscaler, ThreatLocker, Darktrace, Okta — sufficient to understand what evidence each tool can produce and how to extract it
  • Experience managing a compliance program alongside a managed SOC or MSSP — understanding how to integrate third-party monitoring outputs into internal compliance evidence
  • Certifications: CCP (Certified CMMC Professional), CCA (Certified CMMC Assessor), CISA, CISM, or CISSP
  • Experience at a DoD prime or subcontractor, defense-adjacent technology company, or GovCon-focused MSSP
  • Familiarity with ITAR/EAR compliance in a defense context — relevant as we grow into regulated programs

Responsibilities

  • Own the SSP end-to-end — scope definition, control descriptions, implementation status, and evidence mapping
  • Maintain the POA&M with current status and drive remediation to closure
  • Serve as primary liaison to our C3PAO assessors before, during, and after the assessment
  • Coordinate the SysARC RPO engagement — own the scope of work, milestone tracking, and integration with internal deliverables
  • Manage assessment scheduling, documentation submissions, and assessor requests
  • Define and maintain a control mapping across our tool stack: CrowdStrike, Zscaler, ThreatLocker, Darktrace, and Okta
  • Collect, organize, and maintain evidence artifacts for all implemented controls — screenshots, config exports, policy documents, training records, access review logs, audit log samples
  • Coordinate with the IT Director's team (Network Engineer, Help Desk) to produce infrastructure evidence: patch logs, change records, configuration documentation
  • Work with HR to document personnel security controls: background checks, onboarding/offboarding procedures, security awareness training completion
  • Write and maintain the security policies required by CMMC Level 2 — Acceptable Use, Incident Response, Access Control, Configuration Management, Media Protection, and others
  • Ensure policies are implemented, communicated, and tied to assessable controls
  • Own the security awareness training program: content, delivery, tracking, and evidence of completion
  • Maintain the risk register and ensure identified risks are tracked, assigned, and remediated
  • Establish a continuous monitoring cadence post-certification to maintain audit readiness
  • Coordinate periodic access reviews, vulnerability scan reviews, and control effectiveness reviews
  • Track CMMC regulatory updates and assess impact on our compliance posture
  • Own the RACI between our Security organization and IT organization for CMMC control ownership and evidence accountability
  • Brief the CISO weekly on program status, open risks, and blockers
  • Ensure SysARC's SOC outputs — alert logs, IR documentation, monitoring reports — are captured and organized as AU and IR domain evidence
  • Coordinate with the IT Director to ensure his team understands their evidence obligations and meets deadlines

Benefits

  • Exciting team of professionals at the top of their field working by your side
  • Equity in a fully funded space startup with potential for significant growth (interns excluded)
  • 401(k) matching (interns excluded)
  • Unlimited PTO (interns excluded)
  • Health insurance, including Vision and Dental
  • Lunch and snacks provided on site every day. Dinners provided twice a week.
  • Maternity / Paternity leave (interns excluded)

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

11-50 employees

© 2024 Teal Labs, Inc