Security Compliance Manager - ITAR​/CUI

Overview

Job Family: Software

Req : 494267

Siemens Digital Industry Software is at the forefront of digital transformation, creating technology solutions that enable businesses to thrive in an increasingly connected world. Our Global Technology Infrastructure team plays a crucial role in maintaining the security and integrity of our digital engineering environments, ensuring robust compliance with industry-leading standards.

We are seeking a highly skilled and experienced Security Compliance Manager to lead and mentor our dedicated team of Security Systems Engineers. This pivotal role involves overseeing the strategic implementation and continuous adherence to stringent security and compliance frameworks, particularly those protecting sensitive data under U.S. regulations like ITAR, CUI, and EAR. As a Security Compliance Manager, you will be instrumental in guiding the team responsible for deploying, maintaining, and enhancing our Gov Secure Chambers, ensuring unwavering compliance with CMMC Level 2 rules built around NIST 800-171 Controls.

• Team Leadership & Development:
  Lead, mentor, and manage a high-performing team of Security Systems Engineers, fostering a culture of excellence, continuous improvement, and professional growth.

• Strategic Compliance Oversight:
  Develop, implement, and enforce security policies, standards, and procedures to ensure comprehensive compliance with U.S. regulations (ITAR, CUI, EAR) and cybersecurity frameworks (CMMC Level 2, NIST 800-171).

• Program Management:
  Oversee the deployment, maintenance, and continuous enhancement of Gov Secure Chambers and other secure system environments, ensuring they meet or exceed industry security standards.

• Audit &
  
  Risk Management:
  
  Lead compliance audits, conduct comprehensive risk assessments, and manage vulnerability remediation programs. Develop and track robust remediation plans to address identified gaps and ensure perpetual audit readiness.

• Stakeholder Engagement:
  Act as a primary point of contact for internal stakeholders regarding security compliance matters, providing expert guidance and ensuring strategic alignment across various departments.

• Process Automation & Efficiency:
  Drive initiatives to automate compliance processes and reporting, enhancing operational efficiency and accuracy within the team's scope.

• Continuous Improvement & Threat Intelligence:
  Ensure the team stays abreast of the latest developments in CMMC, NIST, and other relevant cybersecurity frameworks, proactively integrating necessary changes and enhancements into our security posture.

• Cross-Functional Collaboration:
  
  Partner effectively with cross-functional teams (e.g., IT, Legal, Engineering) to integrate security and compliance requirements into all stages of system development and operation.

• Bachelor’s degree in Cybersecurity, Engineering, Computer Science, Information Technology, or a related field. A Master’s degree is preferred.

• Minimum 10+ years of progressive experience in cybersecurity, with at least 3-5 years in a leadership or management role overseeing security operations or compliance teams.

• Deep expertise in U.S. regulatory compliance frameworks, including ITAR, CUI, and EAR.

• Extensive experience with the Cybersecurity Maturity Model Certification (CMMC) framework (L2 preferred) and NIST 800-171 controls, including leading audit preparation and remediation efforts.

• Proven track record of developing, implementing, and managing security compliance programs in complex, highly regulated environments.

• Demonstrated understanding of secure system environments, including Gov Secure Chambers, virtualization technologies (VMware, Proxmox, Open Stack), and infrastructure monitoring (Prometheus/Grafana, Zabbix). While not a hands-on role, the ability to guide and evaluate technical solutions is crucial.

• Experience with security tooling for vulnerability scanning, penetration testing, and security information and event management (SIEM).

• Familiarity with IT service management platforms (e.g., Service Now) and project management tools (e.g., Jira) for tracking compliance initiatives. Exceptional leadership and team management skills, with the ability to inspire, mentor, and develop a high-performing team of security engineers.

• Strategic thinker with the ability to translate complex regulatory requirements into action able security policies and procedures.

• Strong analytical and problem-solving abilities, with a proactive approach to identifying and mitigating compliance risks.

• Outstanding communication and interpersonal skills, capable of engaging effectively with all levels of the organization, including executive leadership and external auditors.

• Experience working in a global organization and navigating diverse compliance landscapes is a significant plus.

• Certified Information Security Manager (CISM)

• Certified Information Systems Security Professional (CISSP)

• Certified in Risk and Information Systems Control (CRISC)

• Certified CMMC…