Security and Compliance Manager

Aero Gear
Windsor, CT
Onsite

About The Position

Responsible for managing Aero Gear's cybersecurity program and maintaining the organization's compliance posture across all applicable regulatory frameworks, including CMMC Level 2, ITAR, and NIST SP 800-171. This role owns the cybersecurity tool stack, leads the IT compliance program, and serves as the primary liaison between IT, internal audit, and other departments on all matters related to information security and regulatory compliance. The Security and Compliance Manager creates, maintains, and enforces security policies and documentation, coordinates compliance activities, and ensures that all IT systems and practices meet the requirements necessary to support Aero Gear's defense manufacturing contracts. Occasional work outside regular business hours may be required.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience.
  • 5+ years of progressive experience in IT security, compliance, or a combined role.
  • Direct, hands-on experience with CMMC Level 2 or NIST SP 800-171 compliance programs is strongly preferred.
  • Experience in a defense manufacturing or ITAR-regulated environment is a significant plus.
  • Security certifications are strongly preferred: CompTIA Security+, CISSP, CISM, or equivalent.
  • Certifications such as CompTIA A+, Network+, or Microsoft Certified Professional (MCP) are a plus.
  • CMMC Registered Practitioner (RP) or Certified Professional (CP) designation is a plus.
  • Experience with Export Control administrative responsibilities is a plus.
  • US Person (Green Card Holder or United States Citizen) required due to government contracts and ITAR obligations.
  • The incumbent will be required to comply with all applicable export control laws and regulations.

Responsibilities

  • Manage and maintain the organization's cybersecurity tool stack, including endpoint detection and response (EDR), SIEM, email security, identity management, multi-factor authentication, and privileged access management solutions.
  • Own and operate Aero Gear's CMMC Level 2 compliance program for IT, including maintaining the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and Assessment Workbook in alignment with NIST SP 800-171 Rev 2 and applicable DFARS requirements.
  • Create, publish, maintain, and version-control the full library of IT security and compliance policies, procedures, standards, and work instructions; ensure documentation is current, accessible, and audit-ready at all times.
  • Work directly with Aero Gear's internal auditor and any third-party assessors (C3PAOs) to facilitate compliance reviews, provide evidence packages, and coordinate timely remediation of identified gaps or findings.
  • Plan, organize, and lead tabletop exercises and drills covering cybersecurity incident scenarios, business continuity, and regulatory compliance situations; document outcomes and drive improvement actions.
  • Collaborate with department managers and process owners across the organization to assess security and compliance risks associated with IT systems, data handling practices, and proposed technology changes.
  • Manage vulnerability and patch compliance programs across endpoints, servers, and network infrastructure; track remediation to closure and report risk posture to IT leadership.
  • Administer and monitor user access controls, identity governance, and privileged account management in accordance with least-privilege principles and CMMC/NIST requirements.
  • Coordinate and track security awareness training programs, phishing simulation campaigns, and compliance education initiatives for all personnel.
  • Monitor and respond to security alerts, events, and incidents; maintain and test the incident response plan and serve as a key responder during active incidents.
  • Evaluate new and existing vendor relationships for security and compliance risk; maintain a vendor risk register and support supply chain risk management activities.
  • Other duties as assigned.

Benefits

  • The company was founded in 1982 and has grown over the years through key capital investments, technology, and the professional development of its employees.
  • Aero Gear is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Aero Gear will take the steps to assure that people with disabilities are provided reasonable accommodations.
© 2026 Teal Labs, Inc