IT & Compliance Manager

The IT & Compliance Manager is a hands-on leadership role responsible for managing the company’s day-to-day IT operations, cybersecurity program, and regulatory compliance posture. This role is the company’s primary internal owner of IT governance and federal compliance, with a core focus on leading and sustaining Cybersecurity Maturity Model Certification (CMMC) Level 2 certification.

Operating within a Google Workspace and macOS environment, this role directs an external managed service provider (MSP) responsible for help desk support and device management, while serving as the internal authority on all IT and compliance decisions. The IT & Compliance Manager will build repeatable processes and a maturing IT infrastructure that supports the company’s continued growth as a government contractor.

Reporting directly to the COO, this role will regularly interface with executive leadership (internal and external), serving as a trusted advisor on cybersecurity, compliance, and risk. This individual must be comfortable representing the company in client-facing and audit-related discussions, including supporting business development efforts and articulating the organization’s compliance posture.

While overseeing day-to-day IT operations through a managed service provider (MSP), success in this role is defined by the ability to drive compliance maturity, influence leadership decisions, and position the company as a trusted and compliant federal contractor.

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience)
• 5–8+ years of progressive experience in IT, cybersecurity, or compliance roles
  
  • 2+ years in a government contracting or federal consulting environment preferred
• Direct, hands-on experience leading or supporting CMMC Level 2 readiness and/or certification efforts (strongly preferred / prioritized)
• Demonstrated expertise with NIST SP 800-171 controls and implementing compliance programs in a business environment
• Proven experience developing, maintaining, and auditing SSPs, POA&Ms, and security policies in support of CMMC or similar frameworks
• Experience working directly with executive leadership, including the ability to communicate risk, tradeoffs, and compliance posture clearly
• Ability to participate in external-facing conversations (e.g., auditors, clients, partners) and represent the company’s cybersecurity capabilities
• Experience managing or overseeing a managed service provider (MSP) relationship
• Hands-on experience with macOS environments and endpoint management (e.g., Apple Business Manager, MDM platforms) preferred
• Experience with Google Workspace administration and security configuration is a plus
• Strong ability to build, document, and scale processes in a growing organization

CMMC & Regulatory Compliance

• →Serve as the primary internal owner and subject matter expert for CMMC Level 2 certification, leading all aspects of third-party assessment (C3PAO) readiness and execution
• →Develop, maintain, and continuously improve the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all supporting CMMC documentation
• →Ensure ongoing alignment with NIST SP 800-171 controls and CMMC Level 2 practices across all in-scope systems and processes
• →Lead internal gap assessments, remediation planning, and evidence collection in preparation for audits
• →Monitor and interpret evolving federal cybersecurity requirements, including DFARS, FAR, and CUI handling standards
• →Own CUI policies, procedures, and employee training to ensure proper handling and compliance
• →Provide regular updates to executive leadership on compliance status, risks, and required actions

Managed Service Provider (MSP) Oversight

• →Oversee LINK’s MSP for help desk support, device management, and IT operations, ensuring alignment with security and compliance requirements
• →Establish clear expectations, SLAs, and accountability measures for MSP performance
• →Ensure MSP-delivered services meet CMMC and internal security standards
• →Evaluate MSP effectiveness and provide recommendations on vendor strategy, improvements, or changes
• →Serve as the primary internal escalation point and relationship owner for the MSP

Process Development & Operational Maturity

• →Assess current-state IT and compliance processes, identifying gaps, risks, and opportunities for standardization
• →Build and implement a process maturity roadmap focused on compliance readiness and scalability
• →Develop, document, and maintain SOPs for key IT and compliance functions, including device management, access control, and change management
• →Implement and enforce a structured IT change management process
• →Continuously refine processes based on audit findings, incidents, and organizational growth needs

Cybersecurity & Incident Response

• →Implement and manage the company’s cybersecurity program, including threat monitoring, vulnerability management, and endpoint protection
• →Develop, test, and maintain Incident Response (IR) and Business Continuity/Disaster Recovery (BC/DR) plans
• →Lead security awareness training and phishing simulation programs
• →Oversee identity and access management, including MFA and least-privilege principles

Business Operations & Technology Integration

• →Partner with operations, program management, and finance to ensure IT and compliance capabilities support contract delivery
• →Support business development efforts by contributing to proposals, compliance narratives, and participating in client discussions related to cybersecurity posture
• →Provide input to leadership on IT and security budgeting, forecasting, and vendor management
• →Identify and implement technology solutions that improve internal operations and scalability
• →Oversee onboarding and offboarding processes to ensure secure and efficient user lifecycle management

• Full time, 40 hours per week
• Some travel required to attend relevant events and conferences, and participate in LINK team events