Cybersecurity and Compliance Manager

POSITION SUMMARY:
The IT Cybersecurity and Compliance Manager will lead Gosiger’s efforts in achieving and maintaining Cybersecurity Maturity Model Certification (CMMC) compliance. This role is responsible for developing, implementing, and enforcing cybersecurity policies and procedures, managing compliance documentation, and coordinating with internal teams and external assessors to ensure readiness and certification.

• Pay Range: $100  - $130k
• Work Location:  Dayton, OH office - hybrid schedule with 2-3 days in office per week after first 60 days of employment

ESSENTIAL RESPONSIBILITIES:

• Compliance and Policy:

• Lead the development and execution of Gosiger’s CMMC compliance roadmap, including scoping, gap assessments, remediation, and certification.
• Work with partners to build and maintain secure enclaves for handling Controlled Unclassified Information (CUI), including Microsoft 365 GCC High environments.
• Draft, refine, and enforce cybersecurity policies and procedures across the organization.
• Collaborate with legal and ITAR stakeholders to establish formal processes for protected file sharing and data custody.
• Serve as liaison with C3PAOs and manage audit preparation and execution.

• Cybersecurity:

• Manage our cybersecurity solutions and partners.
• Monitor and report on cybersecurity threats, incidents, and investigations.

• Conduct regular system access audits and vulnerability assessments.
• Support disaster recovery and business continuity planning.

• Training and Guidance:

• Train users on cybersecurity protocols and ensure ongoing awareness and compliance.

• Team & Organizational Support:

• Recognize issues that require escalation to IT leadership when necessary.
• Follow the goals and guidelines outlined in the IT policy and business continuity plans.
• Be ready to assist and help all team members in IT when necessary.
• Commitment to ongoing personal and professional development through training, coaching, and/or mentoring.

• Other duties as assigned.

ESSENTIAL REQUIREMENTS:

• Proven ability to write and implement IT policies and procedures
• Experience with CMMC 2.0 framework and NIST SP 800-171 controls
• Strong understanding of ITAR and data protection regulations
• Familiarity with Microsoft 365 GCC High, remote desktop environments, and secure file transfer platforms
• Certifications such as CompTIA Security+, CISSP, or CMMC RP/RPO are a plus
• Excellent planning skills, including building and following a phased system roadmap
• Excellent documentation skills, including building and maintaining system processes and procedures
• Exceptional critical thinking skills
• Excellent written and oral communication skills
• Strong interpersonal and collaboration skills
• Highly self-motivated and detail-oriented
• Experience working in a team-oriented, collaborative environment

WORKING CONDITIONS:

• Sitting for extended periods of time.
• Dexterity of hands and fingers to operate a computer keyboard and mouse.
• Occasional lifting and transporting of moderately heavy objects, such as computers and peripherals.
• Occasional travel by automobile and/or aircraft.
• Ability to maintain charge account for business expenses.