Responsible for the end-to-end management, sustainment, and continuous improvement of the company’s Cybersecurity Maturity Model Certification (CMMC) Level 2 program in support of DoD contracts involving Controlled Unclassified Information (CUI)
Provide enterprise-level governance and oversight to ensure compliance with DFARS 252.204-7012, 32 CFR Part 170, 32 CFR Part 117, and NIST SP 800-171
Serve as the primary authority for CMMC program readiness, audit preparation, and sustainment
Develop, maintain, and execute the CMMC compliance roadmap, ensuring alignment with DoD timelines and contract requirements
Establish governance structures, roles, and accountability for cybersecurity compliance across business units

5–8+ years of experience in cybersecurity compliance, information assurance, or security program management within a DoD contracting environment
Demonstrated experience managing NIST SP 800-171 compliance and preparing organizations for audits or assessments
Experience supporting CUI environments and DFARS 252.204-7012 requirements
Experience coordinating assessments, audits, or regulatory reviews
Strong working knowledge of: CMMC Level 2, NIST SP 800-171, 32 CFR Part 117 (NISPOM), 32 CFR Part 170, DFARS 252.204-7012 / 7019 / 7020
Ability to translate regulatory requirements into actionable program controls
Strong documentation, risk analysis, and stakeholder communication skills
Clearance Requirement: Ability to obtain and maintain a Top Secret clearance (active clearance preferred).

The Nakupuna Companies use a market-based compensation strategy to ensure that our employees are compensated within applicable market ranges commensurate with multiple factors, including but not limited to the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, organizational requirements, and position location.

CMMC Program Manager

Key skills