Associate Director – Cybersecurity Compliance Lead – $140-185K Plus Bonus & Pension

Cybersecurity Compliance Lead (Associate Director) – Job Description:

Our Client is seeking a Cybersecurity Compliance Lead/Associate Director with deep NIST/CMMC expertise who can lead the Client’s NIST/CMMC compliance PMO. Our Client is enhancing their security and privacy protections across both National and Public Sector enterprises. A Cybersecurity Compliance Lead/Associate Director is essential to identify and manage all cybersecurity and compliance activities, including key tasks needed to achieve compliance for the DFARS 171 and CMMC programs. This individual will work with executive stakeholders in our Enterprise Transformation, Public Sector and Compliance teams to ensure all teams are coordinated on this business-critical endeavor.

The Cybersecurity Compliance Lead/Associate Director is expected to work with the project manager and team to identify all required Work Breakdown Structure (WBS) task elements and oversee their execution through coordination with the Client and contractor security and IT staff. Additionally, the CMMC/171 PMO Lead/Associate Director will be expected to ensure all cost, schedule, and performance metrics are tracked against a defined budget. The CMMC/171 PMO Lead/Associate Director will also work with the project manager on the completion and maintenance of a project plan to ensure all tasks, options, and decision points remain on schedule with minimal impact to Client operations.

Additionally, this role is required to work closely with IT and security staff to ensure technical implementations are accomplished in a manner that meets the security requirements objectives. Documentation will include policy and procedures material with project-plan-style content for security domains. Technical documentation includes content necessary to meet security requirements for implementation descriptions within System Security Plans, policy, NIST-based plans, procedures, and testing methodologies. The scope of work also includes horizontal coordination across technical teams and preparation of briefings to outline design options, cost-benefit analysis, and impact to operational activities. The role includes technical research to identify the latest or most appropriate technology options that fit within Client operating objectives and enterprise architecture goals. Desired areas of experience include SecDevOps, NIST RMF, FISMA, FedRAMP, DFARS 171, DoD CMMC, HIPAA Security Rule, and ISO 27001/2.

Primary Job Responsibilities:

  • All leadership and management roles include hands-on support and execution
  • Lead/manage the creation and execution of program activities to achieve current DFARS 171 compliance at an acceptable risk level
  • Lead/manage the creation and execution of program and project activities to achieve CMMC compliance including coordination with related government regulations (e.g. ISO, HIPAA)
  • Manage, direct, and conduct interpretation of technical security controls for system implementation
  • Manage, direct, and conduct formulation of control implementation descriptions for creation of system security plans
  • Manage, direct, and support creation of architecture drawings to define system boundaries for system security plans
  • Manage the creation and execution of security test activities to confirm security control implementations are meeting control objectives
  • Manage and support implementation and configuration of technical controls or systems in accordance with NIST, DFARS 171, and CMMC standards
  • Coordination with FedRAMP 3PAO and CMMC C3PAO activities for technical controls adjustments and remediation

Secondary Job Responsibilities:

  • Collaboration with systems engineers and architects for adjustments to enterprise or security architectures
  • Support to security architecture initiatives to meet security controls objectives
  • Participation in design/build work sessions for security controls advisory

Qualifications:

Technical Skills and Core Competencies Required:

  • Preferred Certifications: CISSP, CISM, CRISC, CDPSE
  • Must be familiar with CMMC, NIST SP800-171, FISMA, and FedRAMP with a solid understanding of the NIST Special Publications (SP) and Federal Information Processing Standards (FIPS) series
  • Must have a basic background and understanding of SecDevOps, information technology, networking, virtual environments, and cloud architectures
  • Must have a strong understanding of NIST 171
  • Must have CMMC knowledge or experience going through the certification process
  • Basic understanding of operating systems and security baselines (e.g. DISA STIG, CIS, USGCB)
  • Experience with vulnerability scanning and penetration testing
  • Experience with implementation of security tools and configurations
  • Must be a US Citizen with the ability to get a secret clearance
  • Minimum Education – Bachelor's Degree