Senior Manager, Compliance & Government Security

Zayo Group

About The Position

Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises. Our Manager III, Compliance & Government Security is a senior enterprise leader within the Governance, Risk, and Compliance organization with direct ownership of the company’s government security and enterprise compliance programs. This role holds formal appointment as Facility Security Officer (FSO) and Information Technology Principal Security Officer (ITPSO) and maintains enterprise accountability for the company’s Facility Clearance (FCL) and safeguarding of regulated information systems and Controlled Unclassified Information (CUI). The position leads a team of compliance professionals and is responsible for strategy, execution, and operational performance across federal frameworks including CMMC Level 2, NIST SP 800-171, DFARS, and FedRAMP, as well as commercial certifications including SOC 2 Type II, ISO/IEC 27001, and PCI DSS. This role carries direct people leadership responsibility, cross-functional authority across IT, Production Networks, Security Operations, Legal, HR, and Sales, and material impact on protected federal revenue streams.

Requirements

Minimum of eight (8) years of progressive experience in Governance, Risk, and Compliance with enterprise program ownership.
Minimum of three (3) years of direct people leadership experience.
Demonstrated experience managing U.S. Government compliance frameworks including CMMC, NIST SP 800-171, DFARS, and FedRAMP.
Experience serving in or supporting FSO and ITPSO functions within a cleared environment.
Experience leading SOC 2, ISO 27001, and PCI DSS certification programs.
Experience interfacing directly with government officials and external auditors.

Nice To Haves

Eligible for formal FSO appointment under federal guidelines.
Experience operating within telecommunications, infrastructure, cloud, or managed services sectors.
Certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, or similar.

Responsibilities

Serve as the formally appointed FSO responsible for maintaining the company’s Facility Clearance (FCL).
Serve as ITPSO with accountability for safeguarding covered information systems and CUI.
Lead implementation and sustainment of CMMC Level 2, NIST SP 800-171, DFARS, and FedRAMP compliance programs.
Interface directly with government representatives, assessors, and oversight agencies.
Mitigate regulatory risks that could impact federal contract eligibility or revenue.
Own enterprise compliance programs including SOC 2 Type II, ISO/IEC 27001, and PCI DSS.
Design and harmonize control frameworks to reduce redundancy and increase operational efficiency.
Lead readiness assessments, gap analyses, and remediation initiatives.
Drive continuous monitoring and sustained compliance maturity.
Lead all external audits and certification engagements across regulatory frameworks.
Serve as executive liaison to auditors, C3PAOs, and certification bodies.
Direct enterprise-wide remediation of findings with measurable closure objectives.
Establish compliance accountability across IT, Production Networks, Sales, Executive Leadership, Legal, and HR.
Lead cross-functional teams to solve complex regulatory and contractual compliance challenges.
Serve as executive compliance authority in customer engagements and RFP responses.
Translate evolving federal mandates into scalable enterprise control implementations.
Directly manage a team of four or more compliance and government security professionals.
Set strategic direction, performance objectives, and development plans.
Allocate resources across concurrent regulatory initiatives based on risk and revenue impact.
Build scalable program capabilities aligned to enterprise growth.