Manager, IT Risk & Compliance

Summary

The Manager of IT Risk & Compliance is a strategic leader within the Global IT Security organization, responsible for driving the enterprise Governance, Risk, and Compliance (GRC) program. This role ensures that information systems align with global security strategies, regulatory requirements, and the IT roadmap.
Acting as a key liaison between IT Security and business stakeholders, the Manager leads proactive, data-driven cybersecurity initiatives that strengthen enterprise resilience, reduce risk exposure, and support secure business growth.

Detailed Description

Performs tasks such as, but not limited to, the following:

Regulatory & Compliance Leadership
 Lead enterprise-wide governance for frameworks and regulations including NIST 800-171, DFARS, and CMMC, ensuring consistent implementation and ongoing compliance.

CMMC Program Execution
 Drive organizational readiness and successful execution of CMMC Level 2 assessments across Aerospace & Defense (A&D) sites.

Audit & Assurance Management
 Oversee the full lifecycle of internal and external IT audits, including preparation, stakeholder coordination, and timely remediation of findings.

GRC Program Management
 Implement and manage the enterprise GRC platform to centralize compliance tracking, POA&M management, and risk reporting.

Identity & Access Governance
 Define and enforce access control standards, including compliance with complex global requirements such as ITAR and EAR.

Security Documentation & Standards
 Direct the development and maintenance of System Security Plans (SSPs) and supporting security documentation.

Risk Identification & Mitigation
 Partner with site-level IT teams to identify vulnerabilities and embed security controls into business processes.

Program & Project Leadership
 Lead cross-functional security and compliance initiatives, managing scope, timelines, resources, and executive reporting.

 

Knowledge/Skills/Competencies

• Strong understanding of IT security frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT, ITIL)
• Expertise in regulatory requirements including CMMC, DFARS, SOX, HIPAA, PCI DSS, and global compliance standards
• Ability to translate complex security and risk concepts for both technical and non-technical audiences
• Proven experience in risk management, internal controls, and audit processes
• Strong project and program management capabilities
• Advanced analytical and problem-solving skills
• Effective communication, collaboration, and stakeholder management skills
• Experience with enterprise GRC tools and platforms
• Solid understanding of change management processes

Typical Experience

• 5–7+ years of experience in IT Security, Risk Management, or Compliance, preferably in manufacturing or defense environments
• Strong working knowledge of NIST 800-171, CMMC, ITAR, and GDPR
• Demonstrated ability to manage multiple complex initiatives in regulated environments

Preferred Certifications:

• CMMC Certified Professional (CCP) (highly preferred)
• CMMC Certified Assessor (CCA)
• CISSP, CISA, ISO/IEC 27001 Lead Auditor, or PMP

Typical Education

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Salary

The stated range includes Base Salary and target Short-Term Incentive (STI) compensation only. A comprehensive benefits package is offered in addition to this range.

The range described in this posting is an estimate by the Company, and may change based on several factors, including but not limited to a change in the duties covered by the job posting, or the credentials, experience or geographic jurisdiction of the successful candidate.

Salary Range: $107,000 - 147,000 USD

Physical Demands

Duties of this position are performed in a normal office environment.
Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.