About the Role:
This role operates within a Compliance as a Service (CaaS) model, where compliance is delivered as an ongoing managed service—not a one-time project. The CMMC Compliance Manager is responsible for driving and maintaining client compliance outcomes, not just providing guidance.
Success in this role requires:
- Ownership over outcomes – Ensures client progress and completion of required actions
- Continuous compliance mindset – Proactively manages compliance beyond point-in-time readiness
- Practical execution – Verifies controls are implemented and functioning in real environments
- Structured, scalable delivery – Follows and improves standardized processes
- Client leadership – Sets expectations and holds clients accountable
This is a hands-on, execution-focused role centered on delivering measurable compliance results—not a passive advisory position.
Key Responsibilities and Duties:
CMMC Implementation & Readiness
- Lead end-to-end CMMC engagements (scoping → implementation → readiness)
- Define system boundaries and SSP scope
- Drive implementation of NIST 800-171 / CMMC Level 2 controls
- Develop SSP, POA&M, policies, and artifacts
- Prepare clients for C3PAO assessment
Client Ownership & Delivery
- Serve as primary compliance lead for client stakeholders
- Drive client accountability, timelines, and progress
- Manage multiple client environments within a CaaS model
- Escalate risks impacting readiness timelines
Continuous Compliance Management
- Support post-certification compliance and monitoring
- Track compliance status, risks, and remediation
- Ensure ongoing alignment with CMMC requirements
Standardization & Scale (CaaS Model)
- Deliver services using standardized frameworks and templates
- Ensure consistency across client environments
-
- Contribute to process improvement and automation
- Other duties as assigned
Security Responsibilities
- Protect client and company data in accordance with security policies
- Ensure proper handling of CUI and regulated data
- Identify and report security incidents in accordance with procedures
- Support risk assessments and remediation tracking (POA&Ms)
- Participate in security program activities and reviews
Job Qualifications:
- 5+ years in technical, security, or compliance roles within IT environments, including administration of common SMB platforms such as Microsoft Office 365.
- Knowledge of security concepts and common tools including EDR, vulnerability management, patch management and auditing (SIEM) functions
- Experience implementing NIST SP 800-171 / CMMC Level 2 requirements, or direct experience with externally audited compliance standards such as ISO 27001.
- Experience managing multiple compliance engagements simultaneously
- Strong client communication and advisory skills
- Experience working in multi-client or managed services environments (MSP/MSSP) strongly preferred
- Experience delivering compliance through standardized or repeatable frameworks preferred
- Must be eligible for DOD Tier 3 background investigation
Knowledge & Certifications:
Required:
- Security+ (or equivalent foundational security knowledge)
- Experience with NIST 800-171 / CMMC
Preferred:
- CMMC CCA (Training or Certification)
Position:
- Location – Remote from the United States
- Employment Type - Full time
- Compensation - $125,000-130,000 DOE
Benefits:
- Medical Insurance - OSIbeyond pays 75% of the premium for the Employee's base medical plan
- Vision and Dental Insurance - OSIbeyond pays 75% of the premium for the Employee's plans
- Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
- Short Term Disability Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
- 401K - OSIbeyond matches up to 4%
- PTO/Holidays - 9 paid Holidays and accrual based PTO which increases with tenure, new hires start out with 2 weeks.
Compensation$125,000-130,000 DOE
