Information Security Compliance Manager
Location: Remote
Employment Class: Full Time Regular
FLSA Classification: Exempt - Salaried
Position Reports to: General Manager
Position Summary:
Command Cyber Solutions (a federal government contractor) is seeking a qualified Information Security Compliance Manager who will partner with senior executives to implement best security practices across IT processes, ensuring alignment with business needs, regulatory compliance, and technology operations within the PBDC-Federal Group. This role will oversee risk management and compliance with CMMC, NIST 800-171, DFARS, and ISO 27001, while acting as a bridge between business units, shared services (PFS), and the IT department. Responsibilities will include adhering to government contracting security requirements; leading and overseeing all CMMC Certification initiatives, Supply Chain Risk Management (SCRM) initiatives, and enterprise cybersecurity compliance; and identifying emerging technology risks. The ideal candidate will provide executive reports, initiate and manage assigned projects, and enhance communication between business units, shared services (PFS), and the IT department to ensure compliance and drive organizational success.
Essential Duties & Responsibilities:
*Partner with members of the senior executive team to implement SCRM and CMMC requirements, in accordance with CMMC 2.0, NIST 800-171, DFARS, and ISO 27001.
*Develop and oversee documentation and implementation of security policies and procedures applicable to Federal Group business units and shared services departments.
*Work closely with legal, procurement, IT department, and business units to enforce SCRM and CMMC compliance; guide implementation and improvement selections based on an in-depth understanding of corporate technology goals, plans, security limitations, compliance and impact on the broader Federal Group infrastructure.
*Attend meetings as needed and prepare presentations on relevant subjects.
*Work in such a way as to maintain compliance with federal and state laws and government contracting IT/security requirements.
*Maintain knowledge of trends, best practices, regulatory changes, and new technologies relevant to the various departments and divisions of the organization.
*Support executive leadership in managing their strategic technology partnerships.
*Represent the needs of SCRM and CMMC across the business unit leadership, helping personnel to understand federal requirements.
*Manage relationships to keep communication channels open, communicating regularly with stakeholders at all levels, from hands-on personnel to executives.
*Be approachable and willing to listen to stakeholder concerns about compliance requirements. Provide leadership with clear, concise and useful information about SCRM and CMMC requirements.
*Maintain a risk register detailing SCRM and CMMC compliance, with impact to PBDC-FG's ability to win and perform work.
*Serve as a resource for executives and department heads for CMMC and SCRM compliance questions.
*Lead the implementation and maintenance of CMMC compliance, ensuring alignment with federal cybersecurity requirements.
*Ensure security compliance practices are implemented in existing subcontracts and consulting agreements, and flowed down to future new subcontracts and consulting agreements.
*Oversee and collaborate with business units, shared services (PFS), and IT department on SCRM policies.
*Conduct security audits, risk assessments, and gap analyses to identify potential vulnerabilities and ensure compliance with security best practices and policies.
*Educate leadership on policy and procedure needs in accordance with NIST 800-171, DFARS, ISO 27001, and other regulatory standards.
*Collaborate, as needed, to ensure cybersecurity compliance across the supply chain.
*Lead audit preparation efforts for government assessments.
*Stay up to date with evolving federal regulations, cybersecurity threats, and industry best practices.
*Prepare detailed monthly reports for the executive team, advising them of work accomplished, major issues addressed, regulatory changes, and other pertinent data that leads to the successful execution and maturation of the compliance system of record.
*Special projects as assigned.
Education and Experience Requirements:
*Bachelor's degree in information security, cybersecurity, IT management, or a related field.
*Five (5)+ years of experience in IT compliance, cybersecurity governance, or risk management.
*Proven experience implementing CMMC, NIST 800-171, and DFARS 252.204-7012 compliance programs.
*Expertise in Supply Chain Risk Management (SCRM) and third-party risk mitigation.
*Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001, FedRAMP).
*Experience conducting security audits, gap analyses, and risk assessments.
Knowledge, Skills and Abilities:
*Proficient in all Microsoft Office applications.
*Excellent project management, analytical, interpersonal and communication skills.
*Strong analytical and problem-solving abilities.
*Strategic thinking and planning skills.
*Presentation and public speaking skills.
Working Conditions/Working Environment/Physical Demands
*The employee frequently is required to sit and is occasionally required to stand.
*The employee must occasionally lift and/or move up to 25 pounds.
*Visual acuity: Vision must be adequate to perform all required job description tasks in a safe manner.
*The noise level in the work environment is usually moderate to quiet.
*Work is usually done in a home office setting.
*Occasional travel may be required.
Command Cyber Solutions is an equal opportunity employer. In order to provide equal employment opportunities for all applicants and advancement opportunities to all employees, employment decisions at Command Cyber Solutions will be based on merit, qualifications and abilities. Command Cyber Solutions does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, disability, marital status or any other characteristic protected by law.