Manager, IT Security & Compliance (ITAR)

Mission Critical Group, Indianapolis, IN (Hybrid)

About The Position

The IT Security & Compliance Manager is responsible for developing, implementing, and maintaining the organization’s information security strategy, compliance frameworks, and risk management programs. This role ensures that all systems, processes, and personnel adhere to applicable regulatory requirements, including ITAR, data protection laws, cybersecurity best practices, and internal security policies. The position requires close coordination with IT, Legal, HR, and Operations to maintain a secure and compliant technology environment.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years of experience in IT security, compliance, or risk management.
  • Demonstrated experience with ITAR compliance and handling controlled technical data.
  • Solid understanding of regulatory frameworks: NIST 800-171, CMMC, ISO 27001, SOC 2, GDPR.
  • Hands-on experience with enterprise security tools: SIEM, EDR, IAM, DLP, vulnerability scanners.
  • Strong knowledge of network security concepts, cloud security (Azure/AWS), and incident response processes.
  • Excellent documentation, communication, and auditing skills.

Nice To Haves

  • Relevant certifications: CISSP, CISM, CEH, CCSP, Security+, Certified CMMC Professional (CCP), or ITAR certification.
  • Experience working in the defense, aerospace, manufacturing, or government contracting sectors.
  • Familiarity with controlled unclassified information (CUI) environments.

Responsibilities

  • Information Security Management
      • Develop and maintain the company’s Information Security Program, ensuring alignment with industry standards (NIST, ISO 27001, CIS Controls).
      • Implement and oversee security technologies, including firewalls, SIEM, endpoint detection, access controls, and encryption.
      • Conduct regular security risk assessments, vulnerability scans, and penetration testing initiatives.
      • Lead security incident response, investigation, documentation, and reporting processes.
      • Manage identity and access management (IAM) practices, including privileged access controls.
  • Compliance & Governance
      • Maintain compliance with ITAR, CMMC, DFARS 252.204-7012, NIST 800-171, GDPR, and other applicable regulatory or contractual cybersecurity requirements.
      • Develop and maintain system security plans (SSPs), POA&Ms, and related compliance documentation.
      • Lead internal and external audits, ensuring timely responses and remediation of findings.
      • Create and enforce IT policies, standards, and procedures.
      • Oversee vendor cybersecurity due diligence and third-party risk assessments.
  • ITAR-Specific Responsibilities
      • Ensure all digital systems, data repositories, and communication tools comply with ITAR technical data handling requirements.
      • Coordinate with HR and Legal to verify personnel eligibility for access to ITAR-controlled information.
      • Implement access restrictions, data segregation, and monitoring controls for ITAR-regulated systems.
      • Train employees on ITAR obligations, including proper handling, storage, and transmission of defense-related technical data.
      • Work with Export Compliance personnel to maintain audit-ready documentation and respond to regulatory inquiries or incidents.
      • Ensure cloud environments meet ITAR compliance (e.g., US-persons-only access, compliant hosting platforms).
  • Security Awareness & Training
      • Lead ongoing cybersecurity and compliance training initiatives across the organization.
      • Conduct phishing simulations, awareness campaigns, and departmental workshops.
      • Ensure new hires receive mandatory IT security and ITAR compliance orientation.
  • Strategic Leadership
      • Develop the IT security roadmap and budget, aligning with organizational goals.
      • Provide security and compliance guidance during technology planning and system implementations.
      • Collaborate with executive leadership to communicate risk posture, KPI dashboards, and business impacts.
      • Stay current on emerging threats, regulations, and security technologies.