Manager, Cybersecurity & Privacy Advisory Practice; CMMC​/DIB Focus

Manager, Cybersecurity & Privacy Advisory Practice (CMMC / DIB Focus)

PKF O’Connor Davies is a top‑ranked accounting, tax, and advisory firm with offices across the United States and internationally through our PKF global network. For over a century, we have built our reputation on deep industry expertise, a personalized approach, and a commitment to delivering real value to our clients. Our mission is to provide exceptional service while fostering long‑term relationships built on trust and integrity;

we serve a diverse client base across industries and sectors, helping organizations and individuals navigate complex challenges with confidence.

We are seeking a Manager, Cybersecurity & Privacy Advisory (CMMC / DIB Focus) to lead and execute engagements supporting clients within the Defense Industrial Base (DIB) and other regulated sectors. This individual will bring hands‑on experience in Cybersecurity Maturity Model Certification (CMMC) Level 1, 2, and 3 assessments, NIST 800‑171 / 800‑53 / RMF implementation, and DFARS compliance. The ideal candidate holds a CMMC Certified Assessor (CCA) Tier 3 credential and demonstrates strong understanding of federal cybersecurity frameworks and programmatic risk management.

This role requires practical judgment, technical fluency, and the ability to translate complex compliance requirements into achievable, measurable program outcomes for our clients.

• Lead and manage cybersecurity advisory engagements for DIB clients, focusing on CMMC readiness, assessment, and program improvement.
• Conduct and oversee CMMC assessments in accordance with DoD and Cyber AB standards.
• Evaluate, develop, and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Security Assessment Reports (SARs).
• Perform gap analyses and control assessments against NIST SP 800‑171, NIST SP 800‑53, NIST CSF, and ISO 27001, identifying realistic paths to compliance and maturity.
• Guide clients through DFARS 252.204‑7012/7019/7020/7021 compliance requirements and related DoD contracting cybersecurity obligations.
• Assist in developing cybersecurity governance frameworks and inheritable control matrices that align with clients’ business and regulatory requirements.
• Participate in internal development of firm CMMC methodologies, templates, and training materials.
• Work on other engagements across the Cybersecurity & Privacy Advisory team as needed.
• Support proposal efforts and practice growth activities, emphasizing practical, right‑sized solutions over theoretical approaches.
• Mentor staff, promote knowledge sharing, and contribute to a collaborative and learning‑oriented team culture.

• Bachelor’s degree in Information Systems, Cybersecurity, or a related discipline (Master’s preferred).
• 5+ years of cybersecurity consulting or compliance experience, including work with DIB or federal‑sector clients.
• Active CMMC Certified Assessor (CCA Tier 3) certification.
• Active CISSP or CISA certification (required).
• Strong knowledge of NIST SP 800‑171, NIST SP 800‑53, NIST CSF, and ISO 27001 frameworks.
• Hands‑on experience developing and reviewing SSPs, POA&Ms, and SARs.
• Familiarity with DFARS and DoD cybersecurity compliance workflows.
• Exceptional communication and analytical skills with the ability to convey technical information clearly to both technical and non‑technical audiences.
• Managing multiple projects simultaneously while maintaining attention to detail and quality.
• Building trusted relationships with clients and team members through transparency, accountability, and responsiveness.
• Demonstrating strong analytical, critical thinking, and problem‑solving skills.
• Adapting quickly to changing requirements, demonstrating flexibility and resilience in complex client environments.
• Contributing to a culture of collaboration, professional growth, and continuous learning.
• Communicating clearly and concisely, both in writing and verbally, producing deliverables that are actionable and client‑focused.
• Maintaining professionalism and discretion when handling sensitive information.

• Location:
  
  Can work from any PKF O’Connor Davies office. Hybrid…