Cybersecurity Compliance Manager
Amentum seeks a Cybersecurity Compliance Manager!
Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Headquartered in Virginia, we have more than 53,000 employees in approximately 80 countries across all 7 continents.
The Cybersecurity Compliance Manager is a remote-telework position that supports our compliance with cybersecurity related frameworks, in governance, risk, and information assurance. This role leads Amentum’s certification efforts for CMMC, ISO 27001, CE+, DIST, and others. Qualified candidates will need a versatile skill set that emphasizes CMMC and NIST 800-171 and 800-172 regulatory comprehension, technology, effective collaboration, critical thinking, analytical prowess, and strong communication skills. Remote-telework role (you must live and work within the US). US Citizenship is required to apply. Seeking a candidate that is willing to obtain a secret level clearance.
Essential Responsibilities:
- CMMC Compliance & DIB Regulations: Oversee compliance with CMMC requirements, ensuring that internal controls for IT, cybersecurity, and risk management align with both CMMC requirements and industry-specific regulations, including Defense Federal Acquisition Regulation Supplement (DFARS) and National Institute of Standards and Technology (NIST) standards.
- Control Testing & Documentation: Conduct regular testing of IT, cybersecurity, and risk controls to assess their operational effectiveness. Maintain thorough documentation of testing results, remediation plans, and updates related to NIST 800-171 and NIST 800-172 controls, while ensuring adherence to DIB-specific security guidelines.
- Risk Assessment & Mitigation: Identify potential risks in IT systems and cybersecurity infrastructure that could affect compliance, data integrity, and operational continuity. Provide risk mitigation strategies tailored to the DIB environment, ensuring alignment with both regulatory and operational requirements.
- Cybersecurity & Defense Controls: Review and evaluate the design and effectiveness of cybersecurity controls, particularly as they pertain to protecting sensitive defense-related information and intellectual property. Ensure cybersecurity controls meet or exceed government and DIB standards.
- Cross-Department Collaboration: Collaborate with various business units, including IT, internal audit, cybersecurity, legal, and compliance teams, to ensure alignment with CMMC requirements and DIB-specific regulations. Advise and support these teams on best practices related to internal controls and risk management.
- Continuous Improvement & Industry Best Practices: Keep up to date with developments in CMMC compliance, cybersecurity, IT risk management, and DIB-specific regulations. Propose improvements to internal controls and processes based on emerging threats, changing regulatory requirements, and industry best practices. Assist in crosswalking frameworks, legislation, and similar requirements to controls.
- Audit Support: Serve as a point of contact for internal & external auditors, ensuring timely and accurate delivery of documentation related to IT, cybersecurity, and risk controls. Address any findings or questions related to CMMC compliance and DIB-related security measures.
- Compliance & Security Training: Provide guidance to internal stakeholders regarding compliance with CMMC and DIB regulations, including educating staff on internal controls, security requirements, and risk management procedures.
- Consult with and brief executive management on CMMC compliance and risk matters.
- Create, maintain, and provide metrics and status reports to cybersecurity leadership.
- Travel up to 25%.
- Perform all other position-related duties as assigned or requested.
Knowledge, Skills, and Abilities:
- Strong understanding of CMMC/NIST 800-171 compliance.
- Understanding specific regulations governing the DIB sector, including FAR, DFARS, NIST SP 800-53, NIST SP 800-171, CMMC, TAA, and ITAR.
- Expertise in IT risk management, cybersecurity frameworks (e.g., NIST Cybersecurity Framework), and internal control methodologies (e.g., COSO, COBIT).
- Ability to manage multiple priorities, work independently, and navigate complex regulatory environments in a highly sensitive and secure industry.
- Excellent analytical, communication, and collaboration skills, with the ability to influence key stakeholders across the organization.
Minimum Requirements:
- US Citizenship is required.
- Willingness to allow Amentum to obtain a secret level clearance for you.
- Bachelor’s degree in IT, Cybersecurity, or a related field.
- In lieu of a degree we will allow: Two (2) years of hands-on experience in government regulatory compliance/IT or Cybersecurity for each year of the degree. (Eight (8) years of experience equals a Bachelor’s degree.)
- Eight (8) years of hands-on experience in government regulatory compliance efforts, such as RMF, CMMC, and FedRAMP, is required.
- Relevant certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or similar are highly preferred.
- Experience in IT risk management or cybersecurity, preferably within the defense or government contracting industry.
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.