Cybersecurity Manager of Compliance

ASRC Federal, Reston, VA
Hybrid

About The Position

ASRC Federal is looking for a detail-oriented and motivated Cybersecurity Manager of Compliance to join their team in a government contracting (GovCon) environment. This management role is responsible for leading, maturing, and overseeing enterprise cybersecurity compliance programs in DoD contractor environments. The role provides strategic oversight for audit readiness, compliance operations, POA&M lifecycle management, documentation accuracy, and the continuous monitoring of compliance obligations across the enterprise. The position is accountable for ensuring full alignment with CMMC Level 2 and Level 3 requirements, NIST SP 800-171, NIST SP 800-53, NIST SP 800-161 (C-SCRM), risk governance frameworks, and enterprise security policy and procedure development. This is a full-time hybrid role with 2 days in their Reston, VA office.

Requirements

  • Bachelor’s degree in cybersecurity, information systems, engineering, or equivalent experience.
  • 10+ years of cybersecurity experience with at least 5 years in compliance leadership roles, OR 8+ years of cybersecurity experience with at least 3 years in compliance leadership roles and a Master's degree in cybersecurity, information systems, or a related field.
  • Deep understanding of CMMC Level 2 and Level 3 frameworks.
  • Comprehensive knowledge of NIST SP 800-171, NIST SP 800-53, and NIST SP 800-161.
  • Experience in DoD contractor environments managing CUI and DFARS cybersecurity requirements.
  • Experience developing enterprise policies, standards, and procedures.
  • CISM or CISSP certification is required.
  • Strong communication, leadership, and cross-functional collaboration skills.
  • U.S. Citizenship required; ability to obtain and maintain a security clearance may be required depending on contract.

Nice To Haves

  • CCSP, CCP, CCA, CRISC, CAP, CCAK, or CMMC Certified Professional/Assessor.
  • Experience with eMASS, SIEM/SOC tools, and GRC platforms.
  • Experience with supplier cybersecurity assessments and C-SCRM initiatives.

Responsibilities

  • Lead enterprise readiness, execution, and sustainment for CMMC Level 2 and Level 3 certification.
  • Coordinate internal teams, external assessors, and evidence collection activities.
  • Ensure DFARS 252.204-7012, 7019, 7020, and 7021 compliance across programs.
  • Oversee all practices for safeguarding Controlled Unclassified Information (CUI).
  • Maintain SSPs, POA&Ms, and associated cybersecurity documentation.
  • Manage security assessments and deliver continuous monitoring activities.
  • Implement and manage 800-53 security and privacy controls across systems.
  • Guide teams through categorization, control selection, assessments, and mitigation.
  • Develop and manage supplier cybersecurity assurance processes.
  • Conduct vendor cybersecurity evaluations and ensure compliance flow-down requirements.
  • Develop, maintain, and govern enterprise information security policies and procedures.
  • Ensure alignment with federal, DoD, and internal security frameworks.
  • Develop compliance dashboards, metrics, and executive reports.
  • Lead internal audits, compliance reviews, and external audit preparation.
  • Lead a team of compliance analysts and cybersecurity professionals.
  • Provide mentorship, clarity of direction, and performance oversight.

Benefits

  • health care
  • dental
  • vision
  • life insurance
  • 401(k)
  • education assistance
  • paid time off
  • PTO
  • holidays
  • any other paid leave required by law