Cls Jobs

About The Position

Requirements

• Strong understanding of IT security frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT, ITIL)
• Expertise in regulatory requirements including CMMC, DFARS, SOX, HIPAA, PCI DSS, and global compliance standards
• Ability to translate complex security and risk concepts for both technical and non-technical audiences
• Proven experience in risk management, internal controls, and audit processes
• Strong project and program management capabilities
• Advanced analytical and problem-solving skills
• Effective communication, collaboration, and stakeholder management skills
• Experience with enterprise GRC tools and platforms
• Solid understanding of change management processes
• 5–7+ years of experience in IT Security, Risk Management, or Compliance, preferably in manufacturing or defense environments
• Strong working knowledge of NIST 800-171, CMMC, ITAR, and GDPR
• Demonstrated ability to manage multiple complex initiatives in regulated environments
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Nice To Haves

• CMMC Certified Professional (CCP) (highly preferred)
• CMMC Certified Assessor (CCA)
• CISSP, CISA, ISO/IEC 27001 Lead Auditor, or PMP

Responsibilities

• Lead enterprise-wide governance for frameworks and regulations including NIST 800-171, DFARS, and CMMC, ensuring consistent implementation and ongoing compliance.
• Drive organizational readiness and successful execution of CMMC Level 2 assessments across Aerospace & Defense (A&D) sites.
• Oversee the full lifecycle of internal and external IT audits, including preparation, stakeholder coordination, and timely remediation of findings.
• Implement and manage the enterprise GRC platform to centralize compliance tracking, POA&M management, and risk reporting.
• Define and enforce access control standards, including compliance with complex global requirements such as ITAR and EAR.
• Direct the development and maintenance of System Security Plans (SSPs) and supporting security documentation.
• Partner with site-level IT teams to identify vulnerabilities and embed security controls into business processes.
• Lead cross-functional security and compliance initiatives, managing scope, timelines, resources, and executive reporting.