Serve as AV’s subject matter expert on CMMC 2.0 requirements, assessment objectives, scoping rules, and evidence expectations.
Lead detailed gap analyses across technical, administrative, and physical controls to identify deficiencies and required remediation.
Translate CMMC practices into clear, actionable technical requirements for IT, Engineering, Security, Facilities, HR, and other impacted teams.
Guide and validate the implementation of required controls, ensuring alignment with CMMC and NIST SP 800‑171 assessment criteria.
Support CUI scoping activities including asset inventory validation, boundary definition, and data flow mapping.
Support the development, implementation, and maintenance of cybersecurity compliance programs aligned with CMMC, SOX, UKCE, ITAR, EAR, and other regulatory requirements.
Maintain compliance with external regulations and internal policies, ensuring consistent application across all in‑scope systems and processes.
Develop and implement compliance policies, procedures, and standards for cybersecurity, and assist other functional organizations in developing their own.
Coordinate with IT Infrastructure, Enterprise Systems, Legal, Risk Management, and other departments to ensure compliance requirements are understood and executed.
Lead the creation, refinement, and maintenance of compliance documentation including SSPs, POA&Ms, ConMon materials, policies, procedures, and evidence artifacts.
Establish structured evidence collection and artifact management processes to ensure audit readiness.
Perform internal readiness assessments, mock audits, and control testing to prepare AV for C3PAO evaluation.
Oversee compliance audits and assessments, ensuring timely remediation and accurate reporting.
Collaborate with external advisors, consultants, and assessors to support readiness and certification activities.
Conduct risk assessments and provide recommendations to mitigate cybersecurity and compliance risks.
Assess and report progress toward compliance objectives, including readiness status and control maturity.
Advise leadership on compliance risks, technical challenges, and factors that may impact certification timelines or sustainment.
Generate reports for senior cybersecurity leadership and contribute to executive‑level updates.
Provide guidance and training to employees on cybersecurity compliance matters, including role‑based CMMC responsibilities.
Develop awareness materials and communication strategies to support compliance adoption across the organization.
Represent the cybersecurity function in meetings, planning sessions, and cross‑functional initiatives.
Requirements
Bachelor’s degree in Information Systems, Cybersecurity, Engineering, or related field (or equivalent experience).
Extensive hands-on experience with CMMC 2.0, NIST SP 800‑171, and DoD cybersecurity requirements.
Demonstrated expertise conducting CMMC gap analyses, readiness assessments, and control evaluations.
Strong technical understanding of security controls across access control, configuration management, incident response, logging/monitoring, vulnerability management, and secure system design.
Experience implementing and validating technical, administrative, and physical controls required for CMMC compliance.
Deep familiarity with CUI handling requirements, enclave design, and scoping methodologies.
Experience supporting or preparing for third‑party assessments or regulatory audits.
Strong communication and interpersonal skills with the ability to guide and influence technical and non‑technical teams.
Proficiency with compliance tracking tools, GRC platforms, or evidence management systems.
Ability to work independently and as part of a team; may manage small teams or project groups.
U.S. Citizen, U.S. Permanent Resident (Green Card holder) or asylee/refugee status as defined by 8 U.S.C. 1324b(a)(3) required.
Tech Stack
Cyber Security
Benefits
AV offers an excellent benefits package including medical, dental, vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown.