CMMC Compliance Manager

About the Role:

This role operates within a Compliance as a Service (CaaS) model, where compliance is delivered as an ongoing managed service—not a one-time project. The CMMC Compliance Manager is responsible for driving and maintaining client compliance outcomes, not just providing guidance. 

Success in this role requires: 

• Ownership over outcomes – Ensures client progress and completion of required actions 

• Continuous compliance mindset – Proactively manages compliance beyond point-in-time readiness 

• Practical execution – Verifies controls are implemented and functioning in real environments 

• Structured, scalable delivery – Follows and improves standardized processes 

• Client leadership – Sets expectations and holds clients accountable 

This is a hands-on, execution-focused role centered on delivering measurable compliance results—not a passive advisory position. 

Key Responsibilities and Duties: 

CMMC Implementation & Readiness 

• Lead end-to-end CMMC engagements (scoping → implementation → readiness)  

• Define system boundaries and SSP scope  

• Drive implementation of NIST 800-171 / CMMC Level 2 controls  

• Develop SSP, POA&M, policies, and artifacts  

• Prepare clients for C3PAO assessment  

Client Ownership & Delivery 

• Serve as primary compliance lead for client stakeholders  

• Drive client accountability, timelines, and progress  

• Manage multiple client environments within a CaaS model  

• Escalate risks impacting readiness timelines  

Continuous Compliance Management 

• Support post-certification compliance and monitoring  

• Track compliance status, risks, and remediation  

• Ensure ongoing alignment with CMMC requirements  

Standardization & Scale (CaaS Model) 

• Deliver services using standardized frameworks and templates  

• Ensure consistency across client environments  

• • Contribute to process improvement and automation 
• Other duties as assigned

Security Responsibilities

• Protect client and company data in accordance with security policies  

• Ensure proper handling of CUI and regulated data  

• Identify and report security incidents in accordance with procedures  

• Support risk assessments and remediation tracking (POA&Ms)  

• Participate in security program activities and reviews 

Job Qualifications:

• 5+ years in technical, security, or compliance roles within IT environments, including administration of common SMB platforms such as Microsoft Office 365.  

• Knowledge of security concepts and common tools including EDR, vulnerability management, patch management and auditing (SIEM) functions 

• Experience implementing NIST SP 800-171 / CMMC Level 2 requirements, or direct experience with externally audited compliance standards such as ISO 27001.  

• Experience managing multiple compliance engagements simultaneously  

• Strong client communication and advisory skills 

• Experience working in multi-client or managed services environments (MSP/MSSP) strongly preferred  

• Experience delivering compliance through standardized or repeatable frameworks preferred 

• Must be eligible for DOD Tier 3 background investigation 

Knowledge & Certifications:

Required: 

• Security+ (or equivalent foundational security knowledge) 

• Experience with NIST 800-171 / CMMC  

Preferred: 

• CMMC CCA (Training or Certification)  

• CMMC CCP  

• CISA 

Position:

• Location – Remote from the United States
• Employment Type - Full time 
• Compensation - $125,000-130,000 DOE

Benefits:

• Medical Insurance - OSIbeyond pays 75% of the premium for the Employee's base medical plan
• Vision and Dental Insurance - OSIbeyond pays 75% of the premium for the Employee's plans
• Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
• Short Term Disability Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
• 401K - OSIbeyond matches up to 4%
• PTO/Holidays - 9 paid Holidays and accrual based PTO which increases with tenure, new hires start out with 2 weeks.