Director of Information Technology (Cybersecurity/CMMC Lead)

About The Position

Requirements

• Bachelor’s degree in computer science, information technology, cybersecurity, or a related field (or equivalent experience).
• 5+ years of experience in IT management, with a strong focus on cybersecurity.
• Proven experience leading an organization through NIST SP 800-171 and CMMC Level 2 preparations.
• Strong knowledge of DFARS 252.204-7012 requirements.
• Experience managing MSPs/MSSPs and holding them accountable to SLAs/KPIs.
• Excellent communication skills, with the ability to bridge the gap between technical teams and executive leadership.
• Must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Responsibilities

• Lead the end-to-end governance of CMMC Level 2, mapping all systems to NIST SP 800-171, and managing DFARS 252.204-7012/7019/7020 compliance.
• Author, maintain, and audit the System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
• Drive organization-wide readiness for formal Certified Third-Party Assessment Organization (C3PAO) audits.
• Establish rigid protocols for identifying, segmenting, and transmitting CUI.
• Enforce strict SLAs and KPIs with external partners, auditing vulnerability management and user access controls.
• Own the Incident Response Plan and lead DFARS-mandated reporting timelines during security events.
• Work alongside the CFO to align technology investments with corporate risk management and fiscal goals.