Senior Project Manager

Job Description

CMMC Program Manager

Position Summary

The CMMC Program Manager for Level 2 Cybersecurity leads the planning, execution, and governance of the organization's compliance with NIST SP 800‑171 and CMMC Level 2 requirements. This role oversees the people, processes, and technologies required to protect Controlled Unclassified Information (CUI), ensuring readiness for assessments by a Certified Third‑Party Assessment Organization (C3

PAO). This role will partner with other corporate entities to drive cybersecurity initiatives, manage compliance projects, and maintain continuous adherence to federal contract requirements.

Key

Roles & Responsibilities :

* Serve as the primary liaison between corporate leadership, Operations, and technical teams regarding CMMC Level 2 requirements.

* Lead the development, execution, and maintenance of the organization's CMMC compliance roadmap.

* Establish governance structures, reporting mechanisms, and project controls to ensure sustained compliance.

* Oversee cross‑functional project teams, set priorities, assign tasks, and ensure milestones are met.

CUI Identification & Operational Integration

* Collaborate with Operations to determine whether proposals, projects, or pursuits involve CUI.

* Ensure all CUI‑related activities follow NIST SP 800‑171 controls and CMMC Level 2 requirements.

* Guide operational teams through required cybersecurity processes, documentation, and evidence collection.

Security Controls Implementation

* Manage implementation of the 110 NIST SP 800‑171 security requirements across people, processes, and technology.

* Coordinate with IT and security teams to ensure technical controls (e.g., MFA, logging, access control, encryption) are properly deployed and maintained.

* Track Plan of Action & Milestones (POA&M) items and ensure timely remediation.

Vendor & Supply Chain Risk Management

* Ensure third‑party vendors, subcontractors, and service providers meet CMMC Level 2 requirements.

* Review contracts, validate vendor compliance, and manage supply chain cybersecurity risks.

Audit & Assessment Readiness

* Prepare documentation, artifacts, and evidence required for internal reviews and external C3

PAO assessments.

* Lead mock assessments, gap analyses, and readiness reviews.

* Maintain continuous compliance posture and ensure audit findings are addressed promptly.

Training, Awareness & Workforce Eligibility

* Partner with HR to ensure employees working with CUI meet eligibility and screening requirements.

* Develop and deliver cybersecurity awareness and role‑based training programs.

* Promote a culture of security across the organization.

Risk Management & Reporting

* Identify cybersecurity risks, evaluate impact, and recommend mitigation strategies.

* Provide regular updates to leadership on compliance status, risks, and project progress.

* Maintain documentation, policies, and procedures aligned with federal cybersecurity standards.

Required

Skills & Experience:

* Bachelor's degree in technical discipline practices by the Firm including Engineering, Environmental Science or Geology and a minimum of 10 years' related experience. Or in lieu of a degree, a minimum of 14 years' related experience.

* Extensive program or project management experience leading complex, cybersecurity initiatives.

* Deep knowledge of CMMC Level 2, NIST SP 800‑171, and related frameworks (e.g., NIST CSF).

* Experience supporting cybersecurity compliance for federal contracts or defense‑related projects.

* Travel up to 50%.

* Strong understanding of audit processes, evidence collection, and risk analysis methodologies.

* Experience preparing for or participating in C3

PAO assessments.

* Ability to influence and collaborate with stakeholders across technical and non‑technical teams.

* Excellent communication, leadership, and organizational skills.

* Experience with organizational change management is beneficial.

* Valid driver's license with acceptable violation history.
* #LI-SC1

About Terracon

Terracon is a 100 percent employee-owned multidiscipline consulting firm comprised of more than 8,000 curious minds focused on solving engineering and technical challenges from more than 200 locations…