ASRC Federal is looking for detail-oriented and motivated
Cybersecurity Manager of Compliance to join our team in a government contracting (GovCon) environment. The management role is:
- Responsible for:
- Leading, maturing, and overseeing enterprise cybersecurity compliance programs in DoD contractor environments.
- Providing strategic oversight for audit readiness, compliance operations, POA&M lifecycle management, documentation accuracy, and the continuous monitoring of compliance obligations across the enterprise.
- Accountable for ensuring full alignment with CMMC Level 2 and Level 3 requirements, NIST SP 800-171, NIST SP 800-53, NIST SP 800-161 (C-SCRM), risk governance frameworks, and enterprise security policy and procedure development.
- A full-time hybrid role with 2 days in our Reston, VA office.
Key Responsibilities- CMMC Level 2 & Level 3 Compliance Leadership
- Lead enterprise readiness, execution, and sustainment for CMMC Level 2 and Level 3 certification.
- Coordinate internal teams, external assessors, and evidence collection activities.
- NIST SP 800-171 Compliance
- Oversee all practices for safeguarding Controlled Unclassified Information (CUI).
- Maintain SSPs, POA&Ms, and associated cybersecurity documentation.
- Manage security assessments and deliver continuous monitoring activities.
- NIST SP 800-53 & RMF Execution
- Implement and manage 800-53 security and privacy controls across systems.
- Guide teams through categorization, control selection, assessments, and mitigation.
- NIST SP 800-161 (Cyber Supply Chain Risk Management)
- Develop and manage supplier cybersecurity assurance processes.
- Conduct vendor cybersecurity evaluations and ensure compliance flow-down requirements.
- Enterprise Policy & Procedure Development
- Develop, maintain, and govern enterprise information security policies and procedures.
- Ensure alignment with federal, DoD, and internal security frameworks.
- Compliance Governance & Reporting
- Develop compliance dashboards, metrics, and executive reports.
- Lead internal audits, compliance reviews, and external audit preparation.
- Team Leadership
- Lead a team of compliance analysts and cybersecurity professionals.
- Provide mentorship, clarity of direction, and performance oversight.
Required Qualifications- Bachelor's degree in cybersecurity, information systems, engineering, or equivalent experience.
- 10+ years of cybersecurity experience with at least 5 years in compliance leadership roles, OR
- 8+ years of cybersecruity experience with at least 3 years in compliance leadership roles with a Master's degree in cybersecurity or information systems, or related field.
- Deep understanding of CMMC Level 2 and Level 3 frameworks.
- Comprehensive knowledge of NIST SP 800-171, NIST SP 800-53, and NIST SP 800-161.
- Experience in DoD contractor environments managing CUI and DFARS cybersecurity requirements.
- Experience developing enterprise policies, standards, and procedures.
- CISM or CISSP certification is required.
- Strong communication, leadership, and cross-functional collaboration skills.
- U.S. Citizenship required; ability to obtain and maintain a security clearance may be required depending on contract.
Preferred Qualifications- CCSP, CCP, CCA, CRISC, CAP, CCAK, or CMMC Certified Professional/Assessor.
- Experience with eMASS, SIEM/SOC tools, and GRC platforms.
- Experience with supplier cybersecurity assessments and C-SCRM initiatives.
Additional Information- Reports to: Vice President Chief Information Security Officer
- Travel: Minimal (0-10%)
- Clearance: Secret clearance preferred but not required; may be required based on project needs.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.
