CMMC Compliance Manager

About the Role: This role operates within a Compliance as a Service (CaaS) model, where compliance is delivered as an ongoing managed service—not a one-time project. The CMMC Compliance Manager is responsible for driving and maintaining client compliance outcomes, not just providing guidance. Success in this role requires: Ownership over outcomes – Ensures client progress and completion of required actions Continuous compliance mindset – Proactively manages compliance beyond point-in-time readiness Practical execution – Verifies controls are implemented and functioning in real environments Structured, scalable delivery – Follows and improves standardized processes Client leadership – Sets expectations and holds clients accountable This is a hands-on, execution-focused role centered on delivering measurable compliance results—not a passive advisory position. Key Responsibilities and Duties: CMMC Implementation & Readiness Lead end-to-end CMMC engagements (scoping → implementation → readiness) Define system boundaries and SSP scope Drive implementation of NIST 800-171 / CMMC Level 2 controls Develop SSP, POA&M, policies, and artifacts Prepare clients for C3PAO assessment Client Ownership & Delivery Serve as primary compliance lead for client stakeholders Drive client accountability, timelines, and progress Manage multiple client environments within a CaaS model Escalate risks impacting readiness timelines Continuous Compliance Management Support post-certification compliance and monitoring Track compliance status, risks, and remediation Ensure ongoing alignment with CMMC requirements Standardization & Scale (CaaS Model) Deliver services using standardized frameworks and templates Ensure consistency across client environments Contribute to process improvement and automation Other duties as assigned Security Responsibilities P rotect client and company data in accordance with security policies Ensure proper handling of CUI and regulated data Identify and report security incidents in accordance with procedures Support risk assessments and remediation tracking (POA&Ms) Participate in security program activities and reviews Job Qualifications: 5+ years in technical, security, or compliance roles within IT environments, including administration of common SMB platforms such as Microsoft Office 365. Knowledge of security concepts and common tools including EDR, vulnerability management, patch management and auditing (SIEM) functions Experience implementing NIST SP 800-171 / CMMC Level 2 requirements, or direct experience with externally audited compliance standards such as ISO 27001. Experience managing multiple compliance engagements simultaneously Strong client communication and advisory skills Experience working in multi-client or managed services environments (MSP/MSSP) strongly preferred Experience delivering compliance through standardized or repeatable frameworks preferred Must be eligible for DOD Tier 3 background investigation Knowledge & Certifications: Required: Security+ (or equivalent foundational security knowledge) Experience with NIST 800-171 / CMMC Preferred : CMMC CCA (Training or Certification) CMMC CCP CISA Position: Location – Remote from the United States Employment Type - Full time Compensation - $125,000-130,000 DOE Benefits: Medical Insurance - OSIbeyond pays 75% of the premium for the Employee's base medical plan Vision and Dental Insurance - OSIbeyond pays 75% of the premium for the Employee's plans Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans Short Term Disability Insurance - OSIbeyond pays 100% of the premium for the Employee's plans 401K - OSIbeyond matches up to 4% PTO/Holidays - 9 paid Holidays and accrual based PTO which increases with tenure, new hires start out with 2 weeks.