About the Company
Leonard Workforce Solutions is conducting a confidential search on behalf of a growing organization seeking a qualified candidate for the following position. Our client, a long-standing Department of Defense manufacturer supporting mission-critical defense and aerospace programs, is hiring a Cybersecurity & Compliance Specialist to lead the company's CMMC and CUI compliance program.
About the Role
Reporting to the IT & Systems Manager, this role owns the organization's cybersecurity posture, governance, readiness, training, and ongoing certification activities for information systems subject to CMMC and handling Controlled Unclassified Information (CUI). This is a hands-on leadership role. You will drive the strategic roadmap to achieve and maintain CMMC Level 2 compliance, own and maintain the System Security Plan (SSP) and Plans of Action and Milestones (POA&Ms), oversee implementation of NIST SP 800-171 controls, and serve as the primary liaison with customers, internal leadership, Registered Practitioner Organizations (RPOs), and Certified Third-Party Assessor Organizations (C3PAOs).
Responsibilities
- Provide governance and program management for CMMC Level 2 and NIST SP 800-171 compliance, including readiness assessments, gap analysis, and remediation planning
- Maintain and update the SSP, POA&Ms, risk assessments, and Information System Security (ISS) policies
- Submit and maintain data in PIEE, SPRS, and related DoD compliance systems
- Monitor applicable FAR/DFARS clauses and emerging regulatory requirements
- Lead incident response, disaster recovery, and business continuity planning activities
- Develop and deliver cybersecurity, CUI, and risk-awareness training (onboarding and annual)
- Oversee continuous monitoring, logging, vulnerability scanning, and system hardening in coordination with internal IT staff and External Service Providers (MDR, MSP, MSSP)
- Support supplier and vendor compliance efforts in partnership with Supply Chain
- Coordinate annual CMMC attestation and ongoing audit readiness
Qualifications
- Bachelor's degree in Computer Science, Information Systems, or a specialized cybersecurity program
- Minimum three years of experience across cybersecurity threat monitoring and remediation, corporate policy implementation, user training, Windows Server administration, Microsoft Entra ID, and Microsoft 365 / Exchange administration
- Must be a U.S. Person and authorized to access ITAR and EAR controlled technical data
- Previous employment with a Department of Defense contractor preferred
- Previous experience with CMMC and NIST SP 800-171 compliance preferred
Required Skills
- CMMC Level 2
- NIST SP 800-171
- Controlled Unclassified Information (CUI)
- System Security Plan (SSP) & POA&M
- Risk Assessment & Governance
- Incident Response
- Microsoft Entra ID
- Microsoft 365 / Exchange Administration
- Windows Server Administration
- Security Awareness Training
Pay range and compensation package
Compensation will be discussed with qualified candidates.
Equal Opportunity Statement
We are committed to diversity and inclusivity.