Manager, IT Security & Compliance (ITAR)

Description

Job Title: Manager IT Security and Compliance

Location: Hybrid / Remote

Department: Technology

Reports to: Sr. Director of IT

Job Description: IT Security & Compliance Manager (Including ITAR Compliance)

Position Overview

The IT Security & Compliance Manager is responsible for developing, implementing, and maintaining the organization’s information security strategy, compliance frameworks, and risk management programs. This role ensures that all systems, processes, and personnel adhere to applicable regulatory requirements, including ITAR, data protection laws, cybersecurity best practices, and internal security policies. The position requires close coordination with IT, Legal, HR, and Operations to maintain a secure and compliant technology environment.

Key Responsibilities

• Information Security Management
• Develop and maintain the company’s Information Security Program, ensuring alignment with industry standards (NIST, ISO 27001, CIS Controls).
• Implement and oversee security technologies, including firewalls, SIEM, endpoint detection, access controls, and encryption.
• Conduct regular security risk assessments, vulnerability scans, and penetration testing initiatives.
• Lead security incident response, investigation, documentation, and reporting processes.
• Manage identity and access management (IAM) practices, including privileged access controls.
• Compliance & Governance
• Maintain compliance with ITAR, CMMC, DFARS 252.204-7012, NIST 800-171, GDPR, and other applicable regulatory or contractual cybersecurity requirements.
• Develop and maintain system security plans (SSPs), POA&Ms, and related compliance documentation.
• Lead internal and external audits, ensuring timely responses and remediation of findings.
• Create and enforce IT policies, standards, and procedures.
• Oversee vendor cybersecurity due diligence and third-party risk assessments.
• ITAR-Specific Responsibilities
• Ensure all digital systems, data repositories, and communication tools comply with ITAR technical data handling requirements.
• Coordinate with HR and Legal to verify personnel eligibility for access to ITAR-controlled information.
• Implement access restrictions, data segregation, and monitoring controls for ITAR-regulated systems.
• Train employees on ITAR obligations, including proper handling, storage, and transmission of defense-related technical data.
• Work with Export Compliance personnel to maintain audit-ready documentation and respond to regulatory inquiries or incidents.
• Ensure cloud environments meet ITAR compliance (e.g., US-persons-only access, compliant hosting platforms).
• Security Awareness & Training
• Lead ongoing cybersecurity and compliance training initiatives across the organization.
• Conduct phishing simulations, awareness campaigns, and departmental workshops.
• Ensure new hires receive mandatory IT security and ITAR compliance orientation.
• Strategic Leadership
• Develop the IT security roadmap and budget, aligning with organizational goals.
• Provide security and compliance guidance during technology planning and system implementations.
• Collaborate with executive leadership to communicate risk posture, KPI dashboards, and business impacts.
• Stay current on emerging threats, regulations, and security technologies.
  
  

Qualifications

Required

• Bachelor’s degree in information technology, Cybersecurity, or a related field (or equivalent experience).
• 5 years of experience in IT security, compliance, or risk management.
• Demonstrated experience with ITAR compliance and handling controlled technical data.
• Solid understanding of regulatory frameworks: NIST 800-171, CMMC, ISO 27001, SOC 2, GDPR.
• Hands-on experience with enterprise security tools: SIEM, EDR, IAM, DLP, vulnerability scanners.
• Strong knowledge of network security concepts, cloud security (Azure/AWS), and incident response processes.
• Excellent documentation, communication, and auditing skills.
  
  

Preferred

• Relevant certifications: CISSP, CISM, CEH, CCSP, Security , Certified CMMC Professional (CCP), or ITAR certification.
• Experience working in the defense, aerospace, manufacturing, or government contracting sectors.
• Familiarity with controlled unclassified information (CUI) environments.
  
  

Key Competencies

• Strong ethical judgment and ability to maintain confidentiality.
• Analytical problem-solving and risk-based decision making.
• Cross-functional leadership and stakeholder collaboration.
• Ability to operate in a highly regulated environment and adapt to changing compliance requirements.
  
  

Requirements

Qualifications Required

• Bachelor’s degree in information technology, Cybersecurity, or a related field (or equivalent experience).
• 5 years of experience in IT security, compliance, or risk management.
• Demonstrated experience with ITAR compliance and handling controlled technical data.
• Solid understanding of regulatory frameworks: NIST 800-171, CMMC, ISO 27001, SOC 2, GDPR.
• Hands-on experience with enterprise security tools: SIEM, EDR, IAM, DLP, vulnerability scanners.
• Strong knowledge of network security concepts, cloud security (Azure/AWS), and incident response processes.
• Excellent documentation, communication, and auditing skills.
  
  

Preferred

• Relevant certifications: CISSP, CISM, CEH, CCSP, Security , Certified CMMC Professional (CCP), or ITAR certification.
• Experience working in the defense, aerospace, manufacturing, or government contracting sectors.
• Familiarity with controlled unclassified information (CUI) environments.
  
  

Key Competencies

• Strong ethical judgment and ability to maintain confidentiality.
• Analytical problem-solving and risk-based decision making.
• Cross-functional leadership and stakeholder collaboration.
• Ability to operate in a highly regulated environment and adapt to changing compliance requirements.
  
  

Due to the specialist nature of this position, only candidates with the required credentials and ITAR experience will be contacted. Thank you for your interest in Mission Critical Group.