CMMC Compliance Manager

About the Role:

This role operates within a Compliance as a Service (CaaS) model, where compliance is delivered as an ongoing managed service—not a one-time project. The CMMC Compliance Manager is responsible for driving and maintaining client compliance outcomes, not just providing guidance.

Success in this role requires:

  • Ownership over outcomes – Ensures client progress and completion of required actions
  • Continuous compliance mindset – Proactively manages compliance beyond point-in-time readiness
  • Practical execution – Verifies controls are implemented and functioning in real environments
  • Structured, scalable delivery – Follows and improves standardized processes
  • Client leadership – Sets expectations and holds clients accountable

This is a hands-on, execution-focused role centered on delivering measurable compliance results—not a passive advisory position.


Key Responsibilities and Duties:

    CMMC Implementation & Readiness

    • Lead end-to-end CMMC engagements (scoping → implementation → readiness)
    • Define system boundaries and SSP scope
    • Drive implementation of NIST 800-171 / CMMC Level 2 controls
    • Develop SSP, POA&M, policies, and artifacts
    • Prepare clients for C3PAO assessment

    Client Ownership & Delivery

    • Serve as primary compliance lead for client stakeholders
    • Drive client accountability, timelines, and progress
    • Manage multiple client environments within a CaaS model
    • Escalate risks impacting readiness timelines

    Continuous Compliance Management

    • Support post-certification compliance and monitoring
    • Track compliance status, risks, and remediation
    • Ensure ongoing alignment with CMMC requirements

    Standardization & Scale (CaaS Model)

    • Deliver services using standardized frameworks and templates
    • Ensure consistency across client environments
    • Contribute to process improvement and automation
    • Other duties as assigned


    Security Responsibilities

    • Protect client and company data in accordance with security policies
    • Ensure proper handling of CUI and regulated data
    • Identify and report security incidents in accordance with procedures
    • Support risk assessments and remediation tracking (POA&Ms)
    • Participate in security program activities and reviews


Job Qualifications:

  • 5+ years in technical, security, or compliance roles within IT environments, including administration of common SMB platforms such as Microsoft Office 365
  • Knowledge of security concepts and common tools, including EDR, vulnerability management, patch management, and auditing (SIEM) functions
  • Experience implementing NIST SP 800-171 / CMMC Level 2 requirements, or direct experience with externally audited compliance standards such as ISO 27001
  • Experience managing multiple compliance engagements simultaneously
  • Strong client communication and advisory skills
  • Experience working in multi-client or managed services environments (MSP/MSSP) strongly preferred
  • Experience delivering compliance through standardized or repeatable frameworks preferred
  • Must be eligible for DOD Tier 3 background investigation


Knowledge & Certifications:

    Required:

    • Security+ (or equivalent foundational security knowledge)
    • Experience with NIST 800-171 / CMMC

    Preferred:

    • CMMC CCA (Training or Certification)
    • CMMC CCP
    • CISA


Position:

  • Location – Remote from the United States
  • Employment Type – Full time
  • Compensation – $125,000-130,000 DOE


Benefits:

  • Medical Insurance - OSIbeyond pays 75% of the premium for the Employee's base medical plan
  • Vision and Dental Insurance - OSIbeyond pays 75% of the premium for the Employee's plans
  • Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
  • Short Term Disability Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
  • 401K - OSIbeyond matches up to 4%
  • PTO/Holidays - 9 paid holidays and accrual-based PTO, which increases with tenure; new hires start out with 2 weeks
