Job Title:  IT Project Manager - CMMC

We are seeking a CMMC Project Manager to lead a high-visibility IT infrastructure and cybersecurity initiative to build a secure CMMC-aligned enclave in Azure and enable multiple businesses to onboard and operate within the environment to support third-party certification readiness.

The enclave’s infrastructure and security services are delivered and operated by an outsourced managed services provider (MSP/MSSP). This role will manage execution across internal stakeholders and the MSP/MSSP, ensuring delivery is aligned to technical requirements, compliance expectations, timelines, and audit-ready documentation.

How you will make an impact:

• Lead end-to-end project execution for the expanded design, build, and rollout of a secure Azure-based CMMC enclave, supporting multiple business entities.
• Serve as the primary project manager coordinating across IT/Security stakeholders, business units, and the MSP delivering the environment.
• Develop and maintain the integrated project plan, timeline, milestones, and RAID log (risks/actions/issues/decisions).
• Manage vendor/MSP&MSSP delivery including scope alignment, execution tracking, dependencies, deliverable acceptance, and issue escalation.
• Establish clear scope boundaries between the enclave “core baseline” (shared services) and business-specific customization requirements.
• Coordinate technical implementation and readiness activities delivered through the MSP, including:
  • Azure landing zone / subscription structure, segmentation, and governance
  • Network design and isolation (hub/spoke, routing, connectivity, firewalling)
  • Identity and access management using Entra ID (Azure AD), MFA, RBAC, Conditional Access
  • Endpoint management and hardening using Intune and Defender for Endpoint
  • Security posture management and compliance monitoring using Microsoft Defender for Cloud
  • Centralized logging/monitoring using Microsoft Sentinel (SIEM), Log Analytics, alerting
  • Key management / secrets / encryption (Key Vault, encryption at rest/in transit)
  • Backup/recovery strategy, retention planning, and operational support readiness
• Drive creation of a repeatable multi-business onboarding framework, including intake, standard configurations, variation handling, and validation.
• Partner with Cybersecurity and compliance stakeholders to translate CMMC/NIST expectations into actionable work packages and measurable deliverables.
• Ensure operational processes are defined and adopted for the enclave, including access provisioning, change control, incident response coordination, and escalation paths.
• Drive documentation and audit readiness: policies, SOPs, control narratives, diagrams, and proof of operation (with evidence gathered from both internal teams and the MSP).
• Coordinate testing, validation, cutover planning, and go-live readiness; ensure post-launch stabilization (“hypercare”) and transition to steady-state operations.
• Provide clear stakeholder communications and executive-level status reporting, proactively surfacing risks, schedule threats, and mitigation options.
• Process and track one-time and re-occurring project invoices against the budget.  Develop, manage, and maintain the operating cost model for each of the included businesses.

What you will bring to the role:

• 7+ years of IT project/program management experience, including technical infrastructure and security programs.
• A Bachelor's degree in Information Technology, Computer Science or other technical area.
• Demonstrated success managing delivery through third-party vendors / managed service providers, including milestone tracking, SLA/OLA alignment, escalation, and deliverable acceptance.
• Proven track record delivering complex, cross-functional initiatives involving infrastructure, identity, networking, and cybersecurity.
• Strong familiarity with Azure and Microsoft security ecosystem, including:
  • Azure core services and governance concepts
  • Entra ID (Azure AD), MFA, Conditional Access, RBAC
  • Microsoft Defender (Endpoint and Cloud)
  • Intune device management and compliance
  • Microsoft Sentinel (SIEM) and Log Analytics
• Working understanding of compliance-driven delivery and audit readiness (experience with CMMC, NIST 800-171, or similar frameworks strongly preferred).
• Ability to manage multiple stakeholders and onboard multiple business units with varying requirements and timelines.
• Strong documentation discipline and ability to drive teams (including vendors) to produce assessor-ready evidence.
• Excellent communication and leadership skills—comfortable working with executives, engineers, auditors/assessors, and vendor leadership.
• Tools proficiency: MS Project / Smartsheet / Jira/ SharePoint, Visio (or similar).

Preferred Qualifications

• Experience supporting environments for CMMC Level 2 readiness and/or NIST SP 800-171 implementation programs.
• Strong knowledge of secure networking concepts (segmentation, private connectivity, firewalling, zero trust).
• Experience coordinating third-party assessment readiness activities (mock audits, evidence walkthroughs, remediation plans).
• Certifications: PMP, CISSP, CISM, Azure certs (AZ-104/AZ-305/SC-100).

*Due to contracts with the federal governments, candidates must either be a US Permanent Resident or US Citizen.

#LI-BM1