
CMMC Compliance Manager
Posted May 6

• Oversee comprehensive CMMC engagements from scoping to implementation and readiness.
• Establish system boundaries and define the scope of the System Security Plan (SSP).
• Facilitate the implementation of NIST 800-171 / CMMC Level 2 controls.
• Create the SSP, Plan of Action and Milestones (POA&M), policies, and necessary artifacts.
• Prepare clients for their C3PAO assessment.
• Act as the primary compliance liaison for client stakeholders.
• Promote client accountability, manage timelines, and track progress.
• Oversee multiple client environments within a Compliance as a Service (CaaS) model.
• Highlight risks that may affect readiness timelines.
• Assist in post-certification compliance and monitoring activities.
• Monitor compliance status, risks, and remediation efforts.
• Maintain ongoing alignment with CMMC requirements.
• Provide services utilizing standardized frameworks and templates.
• Ensure consistency across different client environments.
• Contribute to the improvement of processes and automation initiatives.
• Safeguard client and company data in accordance with established security policies.
• Ensure appropriate handling of Controlled Unclassified Information (CUI) and regulated data.
• Identify and report security incidents following established procedures.
• Assist with risk assessments and track remediation efforts (POA&Ms).
• Engage in security program activities and reviews.
• Minimum of 5 years in technical, security, or compliance roles within IT environments, including administration of common SMB platforms like Microsoft Office 365.
• Familiarity with security concepts and common tools, including Endpoint Detection and Response (EDR), vulnerability management, patch management, and auditing/SIEM functions.
• Experience implementing NIST SP 800-171 / CMMC Level 2 requirements or direct experience with externally audited compliance standards such as ISO 27001.
• Proven ability to manage multiple compliance engagements concurrently.
• Excellent client communication and advisory skills.
• Experience in multi-client or managed services environments (MSP/MSSP) is highly preferred.
• Experience delivering compliance using standardized or repeatable frameworks is preferred.
• Must be eligible for Department of Defense (DOD) Tier 3 background investigation.
• Required: Security+ certification (or equivalent foundational security knowledge).
• Experience with NIST 800-171 / CMMC is essential.
• Preferred: CMMC Certified Cybersecurity Advisor (CCA) training or certification.
• CMMC Certified Compliance Professional (CCP).
• Certified Information Systems Auditor (CISA).
• Medical Insurance - OSIbeyond covers 75% of the premium for the Employee's base medical plan.
• Vision and Dental Insurance - OSIbeyond contributes 75% of the premium for the Employee's plans.
• Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans.
• Short-Term Disability Insurance - OSIbeyond covers 100% of the premium for the Employee's plans.
• 401K - OSIbeyond matches contributions up to 4%.
• PTO/Holidays - 9 paid holidays and accrual-based PTO that increases with tenure; new hires begin with 2 weeks.