Compliance Manager

Air Methods, Englewood, CO
About The Position

The Compliance Manager oversees United Rotorcraft’s (UR) defense and regulatory compliance initiatives, ensuring adherence to federal standards such as CMMC, DFARS, NIST 800-171, ITAR, and EAR. This role is responsible for safeguarding Controlled Unclassified Information (CUI), managing defense contract obligations, and maintaining export control compliance. The Compliance Manager fosters a culture of accountability and compliance throughout the organization and collaborates with Technology, Operations, Facilities, and Corporate teams to ensure UR remains audit-ready, continuously monitored, and aligned with Department of Defense and other regulatory requirements.

Requirements

  • Bachelor’s degree (BS/BA) in Cybersecurity, Information Systems, Business, or a related field from a four-year college or university; and seven (7) or more years of related experience and/or training; or an equivalent combination of education and experience
  • 7+ years of experience in compliance, information security, or defense contracting
  • Experience with DFARS, CMMC, ITAR, EAR, and related frameworks
  • Familiarity with NIST standards (SP 800-171, SP 800-53) and incident reporting under DFARS
  • Defense & Export Compliance Expertise: Strong understanding of CMMC, DFARS, NIST 800-171, ITAR, and EAR requirements
  • Supplier Compliance & Risk Management: Ability to ensure compliance flow downs to suppliers/subcontractors, monitor adherence, and manage supply chain risk in alignment with DoD regulations
  • Audit & Assessment Readiness: Experience preparing organizations for DoD audits, CMMC assessments, and government security reviews
  • Incident Management: Ability to coordinate DFARS-compliant incident reporting, including DoD/DC3 submissions
  • Policy & Program Development: Skilled in creating compliance policies, security procedures, and evidence repositories
  • Risk & Continuous Monitoring: Proficient in compliance risk management, monitoring controls, and implementing remediation plans
  • Cross-Functional Collaboration: Ability to partner with Contract Administration and key business functions to align compliance programs with contractual, customer, and organizational requirements
  • Training & Communication: Strong skills in educating non-technical staff and building compliance culture
  • Strategic Leadership: Able to translate regulatory requirements into practical business processes and long-term compliance roadmaps
  • Proficient with Microsoft Office Suite, including PowerPoint, Visio, Word, Excel, Project, and SharePoint

Nice To Haves

  • Master’s degree preferred
  • Background in aerospace/defense or regulated industries strongly preferred
  • Relevant certifications in compliance and security (e.g., CMMC Professional/Assessor, CISSP, CISM, CISA, CCSK, ITAR/EAR export control training) preferred

Responsibilities

  • Lead UR’s compliance strategy and program development (CMMC, DFARS, NIST 800-171, ITAR/EAR, CUI handling), including policies, procedures, and controls
  • Manage audit readiness and external assessments, ensuring documentation, evidence, and control implementation meet regulatory requirements
  • Ensure supplier and subcontractor compliance by supporting the flow down of contractual, cybersecurity, and export control requirements in coordination with the Contract Admin & CX Services Manager
  • Partner with Technology, Operations, Facilities, and other functions to ensure security, access, and incident reporting controls are effectively implemented
  • Monitor regulatory updates (DoD, NARA, BIS, DDTC) and adjust UR compliance programs accordingly
  • Lead incident reporting and response coordination, ensuring DFARS 252.204-7012 and ITAR/EAR requirements are met
  • Develop and deliver compliance training and awareness programs for employees and contractors handling CUI or export-controlled data
  • Maintain compliance metrics and risk tracking, reporting status and findings to UR leadership
  • Serve as primary liaison with regulatory agencies, including DCAA, DCMA, BIS, and DDTC, and coordinate responses to audits and inquiries
  • Continuously evaluate and enhance compliance programs, incorporating industry best practices and benchmarking against peers
  • Oversee third-party risk management, including compliance due diligence and monitoring of vendors and subcontractors
  • Ensure data privacy and protection compliance, collaborating with IT and legal teams to safeguard sensitive information
  • Promote ethics and integrity across the organization, investigating and resolving compliance-related concerns
  • Lead policy governance, including development, review, and lifecycle management of compliance-related policies
  • Advise senior leadership on strategic compliance risks, mitigation plans, and integration with business objectives
  • Coordinate crisis and incident response efforts, including breach investigations and remediation planning
  • Champion a proactive compliance culture, using communication, engagement, and feedback mechanisms
  • Evaluate and implement compliance technologies, including automation tools for monitoring and reporting
  • Other duties as assigned