CMMC Program Manager

The CMMC Program Manager is responsible for leading clients through NeoSystems Security Program Management solution and driving the overall maturity of our security program. This role oversees the development, implementation, and continuous improvement of cybersecurity compliance activities, ensuring alignment with regulatory requirements and industry best practices. The ideal candidate brings strong program management capabilities paired with hands‑on expertise in security controls, risk management, and governance frameworks. This leader partners closely with IT, engineering, legal, procurement, and executive stakeholders to maintain a robust, audit‑ready security posture that supports organizational objectives.

Role and Responsibilities:
CMMC Program Leadership
• Lead the clients CMMC readiness, certification, and sustainment efforts across all required domains.
• Conduct gap assessments against CMMC practices and processes; develop and manage remediation roadmaps.
• Oversee creation and maintenance of required documentation, policies, SSPs, POA&Ms, and evidence repositories.
• Coordinate with external assessors, RPOs, and C3PAOs during audits and assessments.
• Ensure continuous compliance and maturity progression as CMMC requirements evolve.

Security Program Management
• Develop, implement, and maintain the enterprise security program aligned with NIST 800‑171, NIST CSF, ISO 27001, and other relevant frameworks.
• Manage cross‑functional security initiatives, including risk assessments, vulnerability management, incident response planning, and third‑party risk.
• Establish KPIs, metrics, and reporting mechanisms to track program performance and communicate status to leadership.
• Drive policy development, lifecycle management, and organizational adoption of security standards.
• Partner with IT and engineering teams to ensure security controls are implemented effectively and sustainably.
Governance, Risk & Compliance
• Lead internal audits, control testing, and continuous monitoring activities.
• Maintain a strong understanding of federal contracting requirements, DFARS 252.204‑7012, and related compliance obligations.
• Support contract reviews, security clauses, and customer assurance activities.
• Identify risks, propose mitigation strategies, and ensure timely remediation.
Stakeholder Engagement & Leadership
• Serve as a trusted advisor to senior leadership on cybersecurity maturity and compliance posture.
• Provide guidance and training to internal teams on CMMC practices and security best practices.
• Foster a culture of security awareness and accountability across the organization.
• Manage vendor relationships related to cybersecurity tools, assessments, and advisory services.
• Responsible for initial delivery of CMMC Program with program & deliverable oversight for CMMC clients.
• Lead the implementation of documented strategies to achieve and maintain compliance with CMMC requirements across designated products.
• Collaborate with other relevant departments to ensure a comprehensive approach to CMMC compliance.
• Participate in client information security risk and compliance assessments and audits.
• Lead client gap analysis and remediation plans.
• Lead Incident Response Tabletop exercises and supporting efforts.
• Deliver external processes to support the overall maturity of the Federal practice within client organizations.

Qualifications:
• Bachelor’s degree in information systems or related field
• 5-10 years of experience in consulting, compliance, and cybersecurity or security program experience.
• CISSP or equivalent certification required or equivalent work experience
• Strong understand of security governance, risk management, and control frameworks.
• Strong understanding of CMMC framework and its requirements.
• Excellent communication and people skills to effectively interact with various stakeholders.
• Ability to lead and influence cross-functional teams towards a common goal.
• Detail-oriented with strong analytical and problem-solving skills.
• Provide ability to manage complex, cross-functional programs to drive results.
• CMMC-RPA certification required within first 90 days of employment.

Additional Notes
• Ability to travel
• Location: Remote but must be within the continental United States

Where required by law, this posting includes a good‑faith pay range for candidates who will perform the role in specific jurisdictions. For other locations, the actual compensation may differ. Final compensation will be determined based on qualifications, experience, skills, work location, internal equity, and current market data. This job posting is not a contract or promise of employment or any particular compensation, and any employment offer will be set out in a written offer letter.

EOE M/F/D/V

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.