The CMMC Program Manager is responsible for leading clients through the NeoSystems Security Program Management solution and driving the overall maturity of our security program. This role oversees the development, implementation, and continuous improvement of cybersecurity compliance activities, ensuring alignment with regulatory requirements and industry best practices. The ideal candidate brings strong program management capabilities paired with hands-on expertise in security controls, risk management, and governance frameworks. This leader partners closely with IT, engineering, legal, procurement, and executive stakeholders to maintain a robust, audit-ready security posture that supports organizational objectives.

Role and Responsibilities:

CMMC Program Leadership
Lead the client's CMMC readiness, certification, and sustainment efforts across all required domains.
Conduct gap assessments against CMMC practices and processes; develop and manage remediation roadmaps.
Oversee creation and maintenance of required documentation, policies, SSPs, POA&Ms, and evidence repositories.
Coordinate with external assessors, RPOs, and C3PAOs during audits and assessments.
Ensure continuous compliance and maturity progression as CMMC requirements evolve.

Security Program Management
Develop, implement, and maintain the enterprise security program aligned with NIST 800-171, NIST CSF, ISO 27001, and other relevant frameworks.
Manage cross-functional security initiatives, including risk assessments, vulnerability management, incident response planning, and third-party risk.
Establish KPIs, metrics, and reporting mechanisms to track program performance and communicate status to leadership.
Drive policy development, lifecycle management, and organizational adoption of security standards.
Partner with IT and engineering teams to ensure security controls are implemented effectively and sustainably.

Governance, Risk & Compliance
Lead internal audits, control testing, and continuous monitoring activities.
Maintain a strong understanding of federal contracting requirements, DFARS 252.204-7012, and related compliance obligations.
Support contract reviews, security clauses, and customer assurance activities.
Identify risks, propose mitigation strategies, and ensure timely remediation.

Stakeholder Engagement & Leadership
Serve as a trusted advisor to senior leadership on cybersecurity maturity and compliance posture.
Provide guidance and training to internal teams on CMMC practices and security best practices.
Foster a culture of security awareness and accountability across the organization.
Manage vendor relationships related to cybersecurity tools, assessments, and advisory services.

Responsible for initial delivery of the CMMC Program, with program and deliverable oversight for CMMC clients.
Lead the implementation of documented strategies to achieve and maintain compliance with CMMC requirements across designated products.
Collaborate with other relevant departments to ensure a comprehensive approach to CMMC compliance.
Participate in client information security risk and compliance assessments and audits.
Lead client gap analysis and remediation plans.
Lead Incident Response Tabletop exercises and supporting efforts.
Deliver external processes to support the overall maturity of the Federal practice within client organizations.
Job Type
Full-time
Career Level
Manager