Skills

Leadership Network Security Incident Response Risk Management Monitoring Architecture Security Architecture Organization

Job Specifications

Overview

We are seeking a Cybersecurity & CMMC Implementation Leader to build, implement, and operationalize a company-wide cybersecurity program and lead the organization to CMMC Level 2/3 certification.

This is a hands-on, execution-focused role — not just policy or advisory. The ideal candidate has personally implemented NIST SP 800-171 controls in a real environment and driven organizations to audit readiness.

You will own the full lifecycle of the CMMC program: technical implementation, governance, documentation, and audit preparation, ensuring protection of Controlled Unclassified Information (CUI) within a Defense Industrial Base (DIB) environment.

Key Responsibilities

CMMC Implementation & Audit Readiness

Lead implementation of NIST SP 800-171 security controls
Define and maintain CUI boundary architecture
Develop and maintain System Security Plan (SSP)
Build and manage POA&M remediation tracking
Establish and maintain an audit-ready evidence repository
Prepare the organization for C3PAO assessments

Security Architecture & Technical Implementation

Implement and oversee:
Security logging & monitoring
Vulnerability management
Secure system configurations
Network segmentation & boundary protection
Identity & access management (IAM)
Incident detection & response
Translate compliance requirements into practical, technical controls

Governance & Program Leadership

Establish and scale a sustainable cybersecurity governance program
Partner with IT, engineering, and business leaders to implement controls
Track and communicate risk, security posture, and remediation progress
Build processes for continuous monitoring and long-term compliance

Required Qualifications

8–15+ years of cybersecurity experience
Proven experience implementing NIST SP 800-171 controls
Experience preparing for CMMC or federal security audits
Hands-on experience with:
Security monitoring/logging tools
Vulnerability management platforms
Network security & segmentation
Identity & access management
Incident response
Experience developing and managing:
System Security Plans (SSP)
Plans of Action & Milestones (POA&M)
Audit evidence repositories

Preferred Qualifications

Experience leading a successful CMMC assessment
Background in the Defense Industrial Base (DIB) or government contracting
Familiarity with:
NIST SP 800-53
Risk Management Framework (RMF)
Certifications (nice to have):
CISSP
CISM
CMMC RP or CCP

What Success Looks Like (First 12 Months)

Fully developed and documented SSP aligned to NIST 800-171
Implementation of required technical controls and monitoring
Established centralized evidence repository
Matured governance and remediation processes
Organization ready for CMMC certification assessment

Why This Role Matters

This role plays a critical part in securing sensitive information and enabling compliance within the defense supply chain. You’ll have the opportunity to build a cybersecurity program from the ground up and partner closely with leadership to drive long-term success.

About the Company

At ITR Group, we match ideal IT consultants with unique clients and projects--fast and effectively--time and time again. In short, right fit is where we earn our keep. We excel in this critical space because we place the emphasis where it matters: on knowing. Knowing our consultants and contractors and what makes them tick. Knowing our clients and their particular needs. This knowledge helps us make the smart connections between the two sides of our business--and allows everyone to succeed. This is also why connecting with y... Know more