Compliance & Security Manager

Department: Human Resources
Location: Jacksonville, FL

About The Position

The Compliance & Security Manager is responsible for ensuring organizational compliance with CMMC, ITAR, and DFARS regulations through the development and maintenance of comprehensive security policies, procedures, and documentation such as SSPs and POA&Ms. The role leads gap assessments, coordinates internal audits, and manages third-party evaluations to identify and remediate vulnerabilities. It requires cross-functional collaboration with IT, HR, legal, and business units to align technical controls with NIST SP 800-171 and to maintain accurate evidence for audits. Additional responsibilities include overseeing physical security operations, supplier risk management, contract compliance, and training programs covering cybersecurity, insider risk, and CUI handling. The role also monitors regulatory changes, reports compliance metrics to leadership, and investigates breaches. While acting in a lead capacity, it does not include direct personnel management.

Requirements

  • Bachelor’s degree in information technology, Computer Science, or related field
  • U.S. Citizenship required due to ITAR regulations
  • Deep understanding of CMMC, NIST SP 800-171, ITAR, and DFARS regulations
  • Experience with physical security systems (e.g., badge access, CCTV, intrusion detection)
  • Excellent analytical and problem-solving skills
  • Ability to communicate complex technical concepts to non-technical stakeholders
  • Ability to comprehend complex problems and to collaborate on and explore alternative solutions
  • Ability to develop process improvements and/or recommend changes to ensure compliance
  • Strong working knowledge of audit/assessment terminology
  • Proficient in MS Office with advanced skills in Excel and Visio
  • Strong analytical, problem-solving, collaboration, and technical skills
  • Strong time management skills
  • Ability to work under pressure and meet deadlines
  • Clear background check and drug/alcohol screening
  • Lifting up to 25 pounds
  • Bending, stooping, ability to stand for extended periods of time
  • Must be able to travel and have a clear driving record in accordance with company driving guidelines

Nice To Haves

  • Certifications such as Security+, CMMC CCP, CCA, or CISSP are highly desirable
  • LEAN, Six Sigma, or other process improvement/project management training and/or experience is a plus

Responsibilities

  • Develop and maintain policies, standards, and procedures, including their lifecycle, documented processes, risks, exceptions, and operational action plans, appropriate to the organization's target CMMC level.
  • Develop and maintain documentation, including System Security Plan (SSP), Plan of action & Milestones (POA&M), and control implementation guidelines.
  • Coordinate internal gap analyses and risk assessments to identify areas of non-compliance and vulnerabilities, and propose remediations in accordance with the organization's target CMMC level.
  • Coordinate and lead CMMC gap assessments, including annual self-assessments, and third-party assessments (C3PAO).
  • Provide evidence in response to audit engagement or other assessments/state exams. Evaluate evidentiary documentation for accuracy and completeness and reconcile evidence and other assessment documentation to ensure compliance with audit controls and regulatory requirements.
  • Work cross-functionally with IT, HR, business, and legal team members to ensure technical controls are implemented in alignment with NIST SP 800-171 control requirements and that supporting evidence is recorded.
  • Monitor compliance dashboards and provide oversight on policy deviations, privileged access, systems hardening, data flow boundary monitoring, security monitoring and response.
  • Proactively monitor evolving changes to relevant legislation and accreditation standards (DOW, DFARS, and CMMC regulations), and assess their impact on the organization through continuous monitoring and mitigation plans.
  • Oversee and evaluate supplier risk, including the compliance of contractors, sub-contractors, and Joint Venture (JV) partners when CUI/FCI is shared with or processed by third parties.
  • Coordinate training and awareness programs for CUI handling, Insider Risk, Cybersecurity awareness, and compliance procedures.
  • Review and negotiate contracts and third-party agreements for security and compliance obligations.
  • Report on compliance posture metrics to leadership and stakeholders.
  • Investigate and report compliance breaches, and develop remediation plans.
  • Develop and enforce policies for handling Controlled Unclassified Information (CUI).
  • Ensure compliance with International Traffic in Arms Regulations (ITAR) and Defense Federal Acquisition Regulation Supplement (DFARS).
  • Train staff on ITAR/DFARS requirements and monitor adherence.
  • Oversee physical security operations including access control, surveillance, and visitor management.
  • Conduct regular security audits and vulnerability assessments of facilities.
  • Develop and maintain emergency response and incident management protocols.
  • Coordinate with facilities and HR to ensure secure onboarding/offboarding and access review processes.
  • Evaluate physical security of VYTL locations based upon work scope performed at each location to meet compliance regulations.
  • Acts in the capacity of a "lead person" and does not have management responsibility for the people to whom they provide work direction.