Senior Cybersecurity & Compliance Manager

Job in Virginia Beach, Virginia, 23450, USA
Listing for: Mythics
Full Time position
Listed on 2025-12-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below

Senior Cybersecurity & Compliance Manager

The Senior Cybersecurity and Compliance Manager is responsible for establishing, managing, and continuously improving the company's internal information security, cybersecurity compliance, and risk management programs. This leadership role ensures the organization meets all obligations associated with supporting state and local government clients, federal civilian agencies, and DoD contractors, including compliance with NIST SP 800-171, CMMC, ISO/IEC 27001:2022, and PCI-DSS (as required).

Reporting directly to the General Counsel, the Senior Cybersecurity and Compliance Director drives internal cybersecurity governance, oversees enterprise risk decisions, ensures regulatory and contractual compliance, and serves as the final authority over all internal security controls, policies, security operations, and incident response.

Responsibilities and Essential Duties

Enterprise Security Leadership
  • Develop and execute a corporate cybersecurity strategy aligned with business objectives, risk appetite, regulatory requirements, and government contracting obligations.
  • Lead the internal security function, including security engineering, security operations, governance, and privacy alignment.
  • Advise the General Counsel and executive leadership team on cyber risk, compliance exposure, and major security decisions.
  • Provide regular reporting to executive leadership, the CEO, and the Board on security posture, risks, incidents, and compliance programs.
Internal Cybersecurity Governance & Compliance
  • Responsible for corporate compliance with all government and industry cybersecurity frameworks:
      • NIST SP 800-171
      • CMMC (current and emerging versions)
      • DFARS obligations
      • FAR & agency‑specific security clauses for civilian agency support
      • State and local government IT security requirements
      • ISO/IEC 27001:2022
      • PCI‑DSS (as applicable)
  • Oversee the internal Information Security Management System (ISMS) and maintain certification readiness.
  • Lead internal audits, evidence collection, POA&M management, and continuous monitoring.
  • Maintain a current System Security Plan (SSP), risk register, and compliance documentation library.
  • Ensure all contractual cybersecurity clauses and flow‑downs are properly implemented across the organization.
Security Operations & Engineering
  • Lead enterprise security operations, including vulnerability scanning and remediation, endpoint and mobile device security, network and cloud security (Azure/AWS/O365, etc.), identity and access management (IAM/MFA/privileged access) and SIEM, logging, and monitoring.
  • Oversee the enterprise's incident detection and response program, including tabletop exercises, escalation procedures, after‑action reporting, and legally mandated notifications.
  • Ensure secure design and implementation of all internal IT systems, SaaS platforms, and corporate infrastructures.
Risk Management
  • Own and manage the corporate cybersecurity risk management program.
  • Conduct and oversee periodic risk assessments and ensure appropriate risk treatment decisions.
  • Present risk acceptance or mitigation recommendations to the General Counsel and executive team.
  • Ensure cybersecurity is fully integrated with enterprise risk, legal review, and corporate governance processes.
Collaboration with Legal & Corporate Stakeholders
  • Work closely with the General Counsel on regulatory compliance, contract reviews, incident response coordination, data protection and privacy obligations, and government security clauses and reporting.
  • Collaborate with Finance, HR, IT, Sales, and Operations to embed security into enterprise processes, onboarding/offboarding, procurement, and solution development.
  • Support Sales and Contracts on internal security representations (e.g., RFP responses, vendor security reviews).
Vendor & Third‑Party Risk Management
  • Oversee third‑party risk assessments, due diligence, contract security language, and ongoing monitoring.
  • Ensure that subcontractors, SaaS applications, cloud services, and strategic partners meet internal and client‑imposed security requirements.
  • Maintain and enforce vendor security policies and security addenda.
Qualifications
  • Bachelor's degree in cybersecurity,…
Position Requirements
10+ Years work experience