Compliance Program Manager

GrayMatter Robotics
Carson, CA
1d
$130,000 - $160,000

About The Position

Headquartered in sunny Los Angeles, GrayMatter Robotics is a well-capitalized AI robotics startup serving the manufacturing industry. We empower shop floor workers with our smart robots that assist with tedious and ergonomically challenging tasks, specifically in automated surface finishing. Our proprietary GMR-AI™ software is integrated with state-of-the-art industrial robots, sensors, and tools to create application-specific turnkey solutions for customers through a Robot-as-a-Service (RaaS) model. We help manufacturers improve the quality of life for their workforce while increasing production capacity and reducing scrap, repair, and rework costs.

We are in search of a compliance manager to lead the development of GrayMatter Robotics’ corporate compliance program. Serving both US government and commercial customers, we are looking for a versatile and organized individual with prior compliance and information security experience who can lead the development and management of existing and new compliance policies and procedures. Essential for this cross-functional role is the ability to work with a variety of stakeholders and customers and distill the necessary information to succeed at existing and new contracts and address gaps.

Requirements

  • Bachelor's degree.
  • 5+ years of industry experience designing, supporting, and/or managing comprehensive compliance programs and security policy frameworks.
  • Experience leading compliance programs and successfully achieving security certifications.
  • Deep understanding of US export control regulations (ITAR, EAR).
  • Experience working with the Directorate of Defense Trade Controls (DDTC) for ITAR licensing.
  • Hands-on experience with security standards and frameworks such as ISO 27001, NIST SP 800-171, SOC 2, CMMC, Cyber Essentials.
  • Proficiency in access control, risk management, and data protection strategies.
  • Fluency in networking and encryption technologies and standards, cloud systems (AWS, Azure, on-premise hosting), firewalls, VPNs, VLANs.
  • Willingness to work in a fast-paced environment with quickly changing priorities.
  • Excellent communication skills, with the ability to present complex information clearly to technical and non-technical stakeholders.
  • Strong prioritization skills, a bias for action, and the ability to lead cross-functional efforts.
  • Ability to create and enforce policies while effectively communicating with cross-functional teams.

Nice To Haves

  • Bachelor's or Master’s degree in Information Systems, Computer Science, Information Security, or a related field.
  • Experience in managing audit activities, including working with internal and external auditors.
  • Knowledge of third-party risk and vendor security assessment.
  • Experience in pre-contract sales calls or enterprise procurement negotiations.
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, SOC, ISAE3402.
  • Prior experience with enterprise sales processes and procurement security assessments.

Responsibilities

  • Compile, implement, and maintain security policies, Standard Operating Procedures (SOPs), and compliance frameworks for existing and new obligations.
  • Ensure adherence to cybersecurity regulations related to export-controlled data, including ITAR, CUI, and EAR.
  • Oversee audits and lead certification processes, such as SOC 2, CMMC, and NIST compliance in collaboration with the vCISO.
  • Handle InfoSec questions from the IT/InfoSec departments of customers and government contracts: address their concerns, negotiate on our behalf, and help customers design their networks to be secure for them and for GMR.
  • Maintain and implement security policies for enclaves deployed at HQ or on-site at customers and train the team on how to comply.
  • Monitor and stay ahead of regulatory changes, updating company policies as needed and developing a regulatory compliance roadmap.
  • Collaborate with IT and leadership teams to implement security best practices.
  • Conduct internal security assessments and readiness reviews for compliance audits.
  • Provide training and guidance on compliance and security best practices across the organization.

Benefits

  • medical
  • dental
  • vision
  • unlimited PTO
  • 401(k) plan + employer match
  • regular offsite events
  • a discretionary fund for enhancing productivity