Cybersecurity Compliance Program Manager (GRC)

Job Summary:

The Cybersecurity Compliance Program Manager leads and oversees the organization's comprehensive cybersecurity compliance initiatives, ensuring alignment with key standards such as CMMC, ISO 27001, SOX, PCI DSS, and Cyber Essentials.

This role is responsible for developing and maintaining compliance policies, coordinating and managing internal and external audits, conducting risk assessments, and driving remediation efforts.

The manager collaborates with cross-functional stakeholders to ensure regulatory adherence, proactively identifies areas for process improvement, and provides expert guidance to mitigate organizational risk while supporting a culture of security and compliance.

Responsibilities and Tasks


* Lead Cybersecurity Compliance Program:


* Serve as the primary owner for all cyber compliance initiatives, policies, and processes.


* Drive compliance strategy and execution across the organization.

CMMC Compliance Leadership:

Oversee all activities related to achieving and maintaining Cybersecurity Maturity Model Certification (CMMC) compliance.

Coordinate gap assessments, remediation plans, and evidence collection.

Manage Multi-Framework Compliance:

Ensure compliance with additional standards and regulations, including:


* ISO 27001


* Cyber Essentials


* SOX (Sarbanes-Oxley)


* PCI DSS (Payment Card Industry Data Security Standard)

Develop and maintain documentation, policies, and procedures aligned with these frameworks.

Audit Coordination:

Act as the primary point of contact for internal and external audits.

Prepare and present compliance evidence and reports to auditors and leadership.

Risk Management:

Identify compliance risks and develop mitigation strategies.

Maintain a compliance risk register and track remediation efforts.

Stakeholder Engagement:

Collaborate with IT, Security, Legal, and Business teams to ensure compliance requirements are understood and met.

Provide training and awareness programs related to compliance obligations.

Education, Experience/Knowledge & License/Certification


* Bachelor's degree in Cybersecurity, Information Technology, or related field


* 7+ years of experience in Governance, Risk, and Compliance roles.


* Strong knowledge of CMMC and DFARS requirements.


* Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are highly desirable.

Skills and Abilities


* Experience managing audits and regulatory assessments.


* Excellent communication and leadership skills (without direct people management).

#LI-AW1 Here Are Some of the Great Benefits We Offer:



* Most locations offer a 9/80 schedule, providing every other Friday off


* Competitive compensation & 401(k) program to plan for your future


* Robust medical, dental, vision, & disability coverage with qualified wellness discounts


* Basic Life Insurance and Additional Life & AD&D Insurances are available


* Flexible Vacation & PTO...