Director of Compliance

About The Position

Requirements

• Bachelor's degree in cybersecurity, information systems, business, or a related field — or equivalent professional experience.
• 8+ years in compliance, cybersecurity, or risk management with deep, hands-on NIST SP 800-171 and CMMC experience.
• 5+ years leading teams in an MSP, MSSP, consulting, or audit setting — including managing managers.
• Track record preparing clients for and supporting them through C3PAO, DIBCAC, or comparable third-party assessments.
• Proven ability to install operating rhythm and structure in a department that has been running informally.
• Strong command of DFARS 252.204-7012 / -7019 / -7020 / -7021 and the broader CMMC ecosystem.
• The presence to represent clients to C3PAO assessors — and to coach analysts to do the same.

Nice To Haves

• CMMC Certified Professional (CCP) and/or CMMC Certified Assessor (CCA).
• CISSP, CISM, CISA, or PMP.
• Prior Director-level experience inside an MSP/MSSP serving DoD contractors.
• Experience scaling a compliance practice through a period of rapid client growth.

Responsibilities

• Own the org design of Compliance Services roles, levels, spans of control, escalation paths, and clear lanes between Compliance Managers, Lead Analysts, and Analysts.
• Publish job descriptions, leveling guides, and career ladders so every team member knows what's expected at their level and what success at the next level looks like.
• Install an operating rhythm, daily standups, weekly portfolio reviews, monthly quality reviews, quarterly business reviews, that surfaces risk early and keeps the department running as a system, not a collection of individuals.
• Maintain a forward-looking capacity model that ties pipeline, signed clients, and client compliance footprint size to required analyst, lead, and manager hours.
• Own the hiring plan: forecast openings, partner with People Operations on sourcing, run structured interview loops, make hire/no-hire decisions.
• Size and re-size the team continuously so every client gets the coverage their footprint demands without burning out staff or compromising delivery.
• Build and own the department's education program: onboarding curriculum, role-based learning paths, and continuing education for tenured staff.
• Set certification expectations by role (CCP, CCA, CISSP, CISM, Security+) with funded pathways and clear timelines.
• Run regular internal training on NIST SP 800-171 R2, NIST SP 800-171A, CMMC Level 2 scoping, evidence standards, and assessor expectations so the team speaks one language.
• Hold the line on a 100% client pass rate at CMMC Level 2 C3PAO assessment. Every assessment is a department commitment, not an analyst commitment.
• Define and enforce the readiness standard: scope confirmation, SSP quality, evidence completeness, POA&M posture, and pre-assessment mock validation.
• Operate a formal Director-level go/no-go gate before every C3PAO engagement. No client enters assessment without confirmation that they meet the standard.
• Run post-assessment reviews on every engagement and feed lessons back into playbooks, training, and the readiness checklist.
• Ensure every client engagement is staffed with a qualified lead capable of sitting as the client's representative at C3PAO assessment and speaking on the client's behalf to the Assessor organization.
• Personally calibrate and certify which staff are cleared to sit lead. Grow the bench by pairing newer staff with seasoned leads.
• Step in as lead representative for the most complex or highest-stakes assessments.
• Coach analysts on assessor interaction precise answers, evidence grounding, knowing when to defer, and defending the client's posture without overstepping.
• Own the playbooks gap assessment, SSP authoring, POA&M management, evidence collection, scope definition, and assessment readiness — and keep them current with the latest CMMC and DoD guidance.
• Run a quality program with sampling, peer review, and corrective action so deliverables are consistent across analysts.
• Standardize tooling and templates to reduce variance and onboarding time.
• Lead, mentor, and develop Compliance Managers and senior individual contributors. Their performance is your performance.
• Set quarterly objectives for every direct report, run 1:1s, and deliver candid feedback — recognition and correction.
• Build a culture of ownership, precision, and client advocacy. Address underperformance directly and promptly.
• Drive retention through career development, meaningful work, and a workload made manageable by sound capacity planning.
• Partner with the VP of Compliance on strategy, external positioning, and the most sensitive client engagements.
• Coordinate with Cybersecurity, Engineering, Service Delivery, and the PMO so compliance evidence and remediation move in lockstep with technical implementation.
• Work with Sales and Client Success on scoping, expectation-setting, and renewals as client footprints evolve.

Benefits

• Competitive salary and performance-based incentives.
• Comprehensive benefits package, including health, dental, vision, and retirement plans.
• Opportunities for professional growth and certifications.