The Senior IT Compliance and Security Specialist is responsible for owning and advancing the organization’s cybersecurity posture and regulatory compliance frameworks across enterprise systems and operations. This role leads the implementation, validation, and continuous improvement of security controls, vulnerability management practices, and risk mitigation initiatives, while also maintaining audit readiness and alignment wit frameworks such as NIST 800-171, CMMC Level 2, and applicable ITAR-related controls.
This position operates as a senior level contributor with hands-on responsibility for both practical security execution and structured compliance governance. The role partners cross-functionally with IT, Quality, Operations, and external auditors to reduce real-world cyber risk, strengthen control effectiveness, and ensure the organization remains continuously audit-ready as it scales.
Essential Job Functions
* Own the enterprise cybersecurity control environment by assessing, validating, and improving technical security controls across endpoints, networks, identity systems, applications, and cloud platforms.
* Lead vulnerability management processes including vulnerability scanning, prioritization, remediation tracking, validation, and reporting to reduce exposure to security threats.
* Partner with IT and operations to design and implement preventative security measures that strengthen system resilience, reduce operational risk, and improve security maturity.
* Maintain audit-ready compliance for applicable frameworks for NIST 800-171, CMMC Level 2, and ITAR-related controls, ensuring evidence is continuously documented, organized, and defensible.
* Act as internal owner for compliance assessments and third-party audits, coordinating evidence collection, gap tracking, remediation planning, and corrective actions through to closure.
* Evaluate security architecture, configurations, and operational practices to identify control gaps, systemic risks, and opportunities for continuous improvement.
* Support security incident preparedness activities including tabletop exercises, incident response documentation, post-incident analysis, and control improvement initiatives.
* Lead selection, implementation, and optimization of security tools and monitoring technologies (e.g., endpoint protection, vulnerability scanners, SIEM, access monitoring), ensuring tools are aligned with risk priorities and operational needs.
* Develop and maintain security and compliance policies, standards, procedures, and training materials that reinforce consistent execution and accountability across the organization.
* Track and report security risk indicators, control effectiveness metrics, audit readiness status, and remediation progress to leadership to support informed decision-making.
* Serve as the internal lead for the CMMC readiness initiative, coordinating directly with external assessors, managing readiness activities, and driving remediation toward compliance.
Additional Duties
* Employees may be required to perform other related duties as assigned to meet business needs.
Minimum Qualifications
* Bachelor’s degree in Information Security, Information Technology, Computer Science, Engineering, or a related field; or equivalent combination of education and experience.
* Minimum of 5 years of progressive experience in cybersecurity, IT risk, compliance, or related technical security roles.
* Demonstrated experience supporting or leading audits or formal assessments in regulated or compliance-driven environments.
* Practical working knowledge of security controls, vulnerability management, and technical security operations.
* Experience documenting and maintaining compliance evidence and control documentation.
Preferred Qualifications
* Professional certifications such as CISSP, CISM, CISA, CRISC, Security+, or similar.
* Experience with NIST 800-171, CMMC, ISO 27001, or similar security frameworks.
* Experience working in manufacturing, aerospace, defense, or regulated environments.
* Experience in ITAR-controlled environments or export-controlled data handling.
* Experience implementing or managing security tooling platforms (e.g., vulnerability scanners, endpoint protection, SIEM, IAM).
Knowledge, Skills, and Abilities
* Strong understanding of cybersecurity principles, control frameworks, and risk management methodologies.
* Ability to assess technical systems and translate findings into actionable remediation plans.
* Knowledge of vulnerability management lifecycle and security monitoring practices.
* Ability to evaluate and optimize security tooling and technical controls.
* Strong documentation, evidence management, and audit support skills.
* Ability to communicate technical concepts effectively to both technical and non-technical stakeholders.
* Strong analytical, organizational, and prioritization skills.
* Ability to operate independently with sound judgement and minimal supervision.
* Strong collaboration skills across IT, Quality, Operations, and leadership teams.
Physical Requirements
* Ability to sit for extended periods while working on a computer.
* Ability to occasionally lift and move materials up to 25 pounds.
* Ability to operate standard office equipment and computer systems.
* Ability to communicate effectively in person, by phone, and electronically.
* Hybrid office and manufacturing environment.
* Moderate noise levels in certain operational areas.
* Exposure to typical office conditions including computer equipment and standard lighting.
* 50% travel to operating sites as needed.
#J-18808-Ljbffr