Senior Manager, Security & Compliance

webAI · Washington, DC

About The Position

webAI Public Sector is hiring a Senior Manager, Security & Compliance to build and lead our security, compliance, and industrial security posture from the ground up. This leader will establish the subsidiary’s compliance programs, drive government authorization work, stand up our facility clearance, and initially serve in key security roles (e.g., FSO, ISSM/ISSO) until the team scales. This role is ideal for someone who thrives in fast-moving environments, is comfortable wearing multiple hats early on, and is excited to design and own the long-term security and compliance operating model for a rapidly growing mission-focused AI company.

Requirements

  • Active TS or TS/SCI clearance required
  • 8–10+ years in DoD or Federal security, compliance, industrial security, or related fields
  • Experience standing up or running compliance programs aligned to frameworks such as CMMC, NIST SP 800-171/53, and DFARS 7012
  • Demonstrated experience leading RMF/ATO lifecycles and/or building 0→1 CUI or classified compliance programs
  • Experience serving as or supporting an FSO, CSSO, CPSO, ISSO, or ISSM
  • Knowledge of NISPOM / 32 CFR 117, DISS/NISS, DD254 processes, insider threat programs, and CUI requirements
  • Familiarity with DevSecOps tooling (CI/CD pipelines, SAST/DAST, SBOMs, EDR/SIEM, zero trust networks, encryption/KMS)
  • Ability to work across parent–subsidiary governance models
  • Strong communication skills with both technical and non-technical partners
  • Comfort operating in fast-paced, ambiguous startup environments

Responsibilities

Build & Run the Compliance Program
  • Establish and maintain compliance aligned with DoD and Federal standards (CMMC 2.0, NIST SP 800-171, NIST SP 800-53, DFARS 7012, CUI/FCI)
  • Develop policies, SSPs, POA&Ms, governance frameworks, and audit-ready documentation
  • Lead internal reviews, incident response processes, and security awareness training
  • Create lightweight, scalable processes that support, rather than slow down, engineering and mission delivery

Integrate with Parent Company Security & Compliance
  • Align subsidiary controls with parent-company GRC, InfoSec, IT security, and privacy frameworks
  • Identify gaps where DoD, CUI, or classified requirements exceed parent controls and build overlays
  • Coordinate enterprise-wide audits, monitoring, documentation, and incidents
  • Represent the Public Sector entity in cross-company security and compliance forums
  • Work closely with engineering on secure architectures, vulnerability mitigation, logging/monitoring, and system hardening

Drive Government Authorization Work
  • Lead RMF and agency authorization efforts (e.g., DoD IL4–IL6, ATO packages)
  • Translate federal frameworks into clear, actionable requirements for engineering and IT teams
  • Coordinate with Authorizing Officials, primes, DCSA, integrators, and 3PAOs
  • Oversee continuous monitoring, vulnerability management, and change control

Stand Up Facility Clearance & Industrial Security
  • Lead preparation for the company’s first Facility Clearance (FCL)
  • Support SCIF and closed-area planning, build accreditation documentation, and oversee inspections
  • Initially serve as acting Facility Security Officer (FSO)
  • Establish industrial security programs
  • Manage DISS/NISS, insider threat programs, DD254 workflows, and classified information controls

Act as Early ISSM/ISSO (as Required)
  • Own RMF execution, system security documentation, incident reporting, and vulnerability tracking
  • Deliver user training, classified system onboarding, and ongoing security management

Governance, Training & Communication
  • Train teams on CUI handling, security practices, and federal compliance expectations
  • Provide risk, readiness, and posture updates to leadership with clarity and precision
  • Support customer security questionnaires and engagements with prime contractors

Build the Team
  • Define the long-term security, industrial security, and compliance team structure
  • Hire and mentor future FSO, ISSM, GRC analysts, and compliance professionals
  • Build durable programs that scale as mission sets, classification levels, and customers grow

Benefits

  • Competitive salary and performance-based incentives
  • Comprehensive health, dental, and vision benefits package
  • 401k match (US-based only)
  • $200/month health and wellness stipend
  • $400/year continuing education credit
  • $500/year Function Health subscription (US-based only)
  • Free parking for in-office employees
  • Unlimited approved PTO
  • Parental leave for eligible employees
  • Supplemental life insurance

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

51-100 employees

© 2024 Teal Labs, Inc