Senior IT Compliance and Security Specialist

Polymer Concepts Technologies, Apple Valley, CA
Hybrid

About The Position

The Senior IT Compliance and Security Specialist is responsible for owning and advancing the organization’s cybersecurity posture and regulatory compliance frameworks across enterprise systems and operations. This role leads the implementation, validation, and continuous improvement of security controls, vulnerability management practices, and risk mitigation initiatives, while also maintaining audit readiness and alignment with frameworks such as NIST 800-171, CMMC Level 2, and applicable ITAR-related controls. This position operates as a senior-level contributor with hands-on responsibility for both practical security execution and structured compliance governance. The role partners cross-functionally with IT, Quality, Operations, and external auditors to reduce real-world cyber risk, strengthen control effectiveness, and ensure the organization remains continuously audit-ready as it scales.

Requirements

  • Bachelor’s degree in Information Security, Information Technology, Computer Science, Engineering, or a related field; or equivalent combination of education and experience.
  • Minimum of 5 years of progressive experience in cybersecurity, IT risk, compliance, or related technical security roles.
  • Demonstrated experience supporting or leading audits or formal assessments in regulated or compliance-driven environments.
  • Practical working knowledge of security controls, vulnerability management, and technical security operations.
  • Experience documenting and maintaining compliance evidence and control documentation.
  • Strong understanding of cybersecurity principles, control frameworks, and risk management methodologies.
  • Ability to assess technical systems and translate findings into actionable remediation plans.
  • Knowledge of vulnerability management lifecycle and security monitoring practices.
  • Ability to evaluate and optimize security tooling and technical controls.
  • Strong documentation, evidence management, and audit support skills.
  • Ability to communicate technical concepts effectively to both technical and non-technical stakeholders.
  • Strong analytical, organizational, and prioritization skills.
  • Ability to operate independently with sound judgement and minimal supervision.
  • Strong collaboration skills across IT, Quality, Operations, and leadership teams.

Nice To Haves

  • Professional certifications such as CISSP, CISM, CISA, CRISC, Security+, or similar.
  • Experience with NIST 800-171, CMMC, ISO 27001, or similar security frameworks.
  • Experience working in manufacturing, aerospace, defense, or regulated environments.
  • Experience in ITAR-controlled environments or export-controlled data handling.
  • Experience implementing or managing security tooling platforms (e.g., vulnerability scanners, endpoint protection, SIEM, IAM).

Responsibilities

  • Own the enterprise cybersecurity control environment by assessing, validating, and improving technical security controls across endpoints, networks, identity systems, applications, and cloud platforms.
  • Lead vulnerability management processes including vulnerability scanning, prioritization, remediation tracking, validation, and reporting to reduce exposure to security threats.
  • Partner with IT and operations to design and implement preventative security measures that strengthen system resilience, reduce operational risk, and improve security maturity.
  • Maintain audit-ready compliance with applicable frameworks such as NIST 800-171, CMMC Level 2, and ITAR-related controls, ensuring evidence is continuously documented, organized, and defensible.
  • Act as internal owner for compliance assessments and third-party audits, coordinating evidence collection, gap tracking, remediation planning, and corrective actions through to closure.
  • Evaluate security architecture, configurations, and operational practices to identify control gaps, systemic risks, and opportunities for continuous improvement.
  • Support security incident preparedness activities including tabletop exercises, incident response documentation, post-incident analysis, and control improvement initiatives.
  • Lead selection, implementation, and optimization of security tools and monitoring technologies (e.g., endpoint protection, vulnerability scanners, SIEM, access monitoring), ensuring tools are aligned with risk priorities and operational needs.
  • Develop and maintain security and compliance policies, standards, procedures, and training materials that reinforce consistent execution and accountability across the organization.
  • Track and report security risk indicators, control effectiveness metrics, audit readiness status, and remediation progress to leadership to support informed decision-making.
  • Serve as the internal lead for the CMMC readiness initiative, coordinating directly with external assessors, managing readiness activities, and driving remediation toward compliance.