Cybersecurity Manager of Compliance

ASRC Federal
3 days ago
On-site
Reston, Virginia, United States
Cybersecurity
ASRC Federal is looking for a detail-oriented and motivated Cybersecurity Manager of Compliance to join our team in a government contracting (GovCon) environment. This management role is responsible for leading, maturing, and overseeing enterprise cybersecurity compliance programs in DoD contractor environments. It provides strategic oversight for audit readiness, compliance operations, POA&M lifecycle management, documentation accuracy, and the continuous monitoring of compliance obligations across the enterprise. The role is accountable for ensuring full alignment with CMMC Level 2 and Level 3 requirements, NIST SP 800-171, NIST SP 800-53, NIST SP 800-161 (C-SCRM), risk governance frameworks, and enterprise security policy and procedure development. This is a full-time hybrid role with 2 days in our Reston, VA office.

Key Responsibilities

CMMC Level 2 & Level 3 Compliance Leadership
- Lead enterprise readiness, execution, and sustainment for CMMC Level 2 and Level 3 certification.
- Coordinate internal teams, external assessors, and evidence collection activities.
- Ensure DFARS 252.204-7012, 7019, 7020, and 7021 compliance across programs.

NIST SP 800-171 Compliance
- Oversee all practices for safeguarding Controlled Unclassified Information (CUI).
- Maintain SSPs, POA&Ms, and associated cybersecurity documentation.
- Manage security assessments and deliver continuous monitoring activities.

NIST SP 800-53 & RMF Execution
- Implement and manage 800-53 security and privacy controls across systems.
- Guide teams through categorization, control selection, assessments, and mitigation.

NIST SP 800-161 (Cyber Supply Chain Risk Management)
- Develop and manage supplier cybersecurity assurance processes.
- Conduct vendor cybersecurity evaluations and ensure compliance with flow-down requirements.

Enterprise Policy & Procedure Development
- Develop, maintain, and govern enterprise information security policies and procedures.
- Ensure alignment with federal, DoD, and internal security frameworks.

Compliance Governance & Reporting
- Develop compliance dashboards, metrics, and executive reports.
- Lead internal audits, compliance reviews, and external audit preparation.

Team Leadership
- Lead a team of compliance analysts and cybersecurity professionals.
- Provide mentorship, clarity of direction, and performance oversight.

Required Qualifications
- Bachelor's degree in cybersecurity, information systems, engineering, or equivalent experience.
- 10+ years of cybersecurity experience with at least 5 years in compliance leadership roles, OR 8+ years of cybersecurity experience with at least 3 years in compliance leadership roles together with a Master's degree in cybersecurity, information systems, or a related field.
- Deep understanding of CMMC Level 2 and Level 3 frameworks.
- Comprehensive knowledge of NIST SP 800-171, NIST SP 800-53, and NIST SP 800-161.
- Experience in DoD contractor environments managing CUI and DFARS cybersecurity requirements.
- Experience developing enterprise policies, standards, and procedures.
- CISM or CISSP certification is required.
- Strong communication, leadership, and cross-functional collaboration skills.
- U.S. Citizenship required; ability to obtain and maintain a security clearance may be required depending on contract.

Preferred Qualifications
- CCSP, CCP, CCA, CRISC, CAP, CCAK, or CMMC Certified Professional/Assessor.
- Experience with eMASS, SIEM/SOC tools, and GRC platforms.
- Experience with supplier cybersecurity assessments and C-SCRM initiatives.

Additional Information
- Reports to: Vice President, Chief Information Security Officer
- Travel: Minimal (0–10%)
- Clearance: Secret clearance preferred but not required; may be required based on project needs.