IT Security & Compliance Manager

CTS Engines

$90K — $130K *
Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Deep knowledge of NIST SP 800-171 and CMMC Level 2 requirements.
  • Experience in writing and maintaining IT policies and System Security Plans (SSPs).
  • Proven track record in managing formal IT audits or third-party assessments.
  • Strong background in enterprise firewall and network security management.
  • Hands-on experience with Endpoint Detection and Response (EDR) platforms.
  • Familiar with Microsoft 365 GCC High administration and secure data handling procedures.
  • Must be a U.S. Citizen to access CUI/ITAR-regulated data.

Responsibilities

  • Own and enforce compliance with NIST SP 800-171 and CMMC standards.
  • Oversee the security configurations across technical systems and platforms.
  • Manage security policies for Microsoft 365 GCC High to prevent data mishandling.
  • Map and control the flow of Controlled Unclassified Information (CUI).
  • Lead incident response and ensure reporting compliance with DFARS.
  • Conduct vulnerability scans and manage remediation efforts across IT infrastructure.
  • Evaluate third-party vendors for DFARS compliance requirements.

Benefits

  • Opportunity to lead compliance initiatives in a critical sector.
  • Engage in hands-on management of advanced security technologies.
  • Work in a collaborative environment with a focus on continuous improvement.
  • Gain recognition in the defense supply chain under rigorous standards.
Full Job Description
Position Overview

We are seeking an IT Security & Compliance Manager to oversee, maintain, and defend our digital infrastructure while strictly enforcing federal cybersecurity requirements. In this role, you will own our compliance posture, ensuring full alignment with NIST SP 800-171, DFARS [redacted], and CMMC Level 2.

The ideal candidate bridges the gap between technical execution and regulatory governance. You will be responsible for managing security operations, maintaining our System Security Plan (SSP), closing Plan of Action and Milestones (POA&M) items, and preparing the organization for a formal third-party CMMC assessment.

Key Responsibilities
  • CMMC & NIST Governance: Own, update, and enforce the System Security Plan (SSP) and Plan of Action and Milestones (POA&M). Ensure all 110 practices of NIST SP 800-171 are fully implemented and auditable.
  • Infrastructure Security Oversight: Oversee the security posture of our technical stack, ensuring secure configurations across firewalls, Endpoint Detection and Response (EDR), Remote Monitoring and Management (RMM), and cloud environments.
  • Cloud & Tenant Security: Manage data enclave boundaries and security policies, specifically optimizing and maintaining a Microsoft 365 GCC High environment to prevent CUI spillage.
  • Data Flow & CUI Management: Map, audit, and control the flow of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) across all internal and external systems.
  • Incident Response & DFARS Reporting: Lead the incident response team. Ensure full compliance with DFARS [redacted], including rapid reporting of cyber incidents to the DoD Cyber Crime Center (DC3) within 72 hours.
  • Vulnerability & Patch Management: Conduct regular internal audits, vulnerability scans, and risk assessments. Prioritize and remediate vulnerabilities across servers, endpoints, and network devices.
  • Vendor & Supply Chain Risk: Evaluate subcontractors and third-party vendors to ensure they meet mandatory DFARS flow-down requirements.


Requirements

Required Skills & Qualifications

Compliance & Regulatory Expertise:
  • Deep, practical knowledge of NIST SP 800-171, NIST SP 800-53, DFARS 252.204-7012, and CMMC Level 2 requirements.
  • Proven experience writing, editing, and maintaining institutional IT policies, SSPs, and technical restoration playbooks.
  • Experience navigating formal external IT audits or third-party assessments (C3PAO).

Technical Environment Experience:
  • Strong background managing enterprise firewalls and network segmentation.
  • Hands-on experience with modern EDR platforms and centralized RMM tools for patch deployment and monitoring.
  • Deep familiarity with Microsoft 365 GCC High tenant administration, including data classification and sensitivity labels.
  • Familiarity with secure file migration, data backup architectures, and Disaster Recovery (DR) execution.

Education & Experience Requirements
  • Education: Bachelor's degree in Cybersecurity, Computer Science, IT Management, or a related technical field (equivalent practical experience considered).
  • Experience: 5+ years of experience in IT systems administration or cybersecurity, with at least 2 years directly managing compliance frameworks within the DoD supply chain.
  • Citizenship: Must be a U.S. Citizen (required for accessing/managing CUI/ITAR-regulated data).
  • Certifications (Highly Desired):
    • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
    • CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA).
    • CompTIA Security+ or CySA+ (minimum baseline).

Similar Jobs

More Jobs at CTS Engines

  • Powerplant Engineer
    $80K — $110K *
    Coral Springs, FL 33065 (Broward County)
    Aerospace & Defense
    In-Person
  • Configuration Manager
    $75K — $95K *
    Coral Springs, FL 33065 (Broward County)
    Aerospace & Defense
    In-Person
  • Lead Configuration Analyst
    $85K — $110K *
    Coral Springs, FL 33065 (Broward County)
    Aerospace & Defense
    In-Person
  • Technical Training Manager
    $75K — $95K *
    Coral Springs, FL 33065 (Broward County)
    Aerospace & Defense
    In-Person

More Aerospace & Defense Jobs

Find similar IT Security & Compliance Manager jobs: