Demo

Compliance Manager (NIST Cybersecurity Framework Maturity Lead) (Contract)

Planet Pharma
Aliso Viejo, CA Contractor
POSTED ON 7/6/2026
AVAILABLE BEFORE 1/7/2027
Description

Seeking an experienced, self-directed cybersecurity contractor to serve as the NIST Cybersecurity Framework (CSF) Maturity Lead for a focused six-month engagement. This individual will own the design, execution, and documentation of our journey toward NIST CSF maturity — driving the organization from its current baseline to a defined, measurable, and sustainable maturity target. The Lead will operate with a high degree of autonomy, partnering with a junior GRC contractor and collaborating across IT, Engineering, Quality, and Regulatory functions. This is a build role: the person we hire will create the processes, tooling, and governance artifacts needed to support the program — and will be accountable for ensuring those outputs can be transitioned to internal staff at engagement close.

Requirements

What You’ll Do NIST CSF Assessment & Roadmap

  • Lead a current-state assessment of company cybersecurity posture against the NIST CSF (v1.1 or v2.0) across all five Functions: Identify, Protect, Detect, Respond, and Recover.
  • Establish a target maturity tier and define a prioritized, time-boxed roadmap with clear milestones within the six-month engagement window.
  • Map existing controls (policies, procedures, technical safeguards) to CSF Categories and Subcategories; identify gaps and document residual risk.
  • Where NIST CSF does not apply directly, leverage equivalent controls from NIST 800-53, ISO 27001, SOC 2, CMMC, or other applicable frameworks to provide crosswalk evidence. Program Governance &

Project Management

  • Establish and maintain a formal program charter, RACI matrix, and weekly status reporting cadence for all NIST CSF workstreams.
  • Own the program plan — maintaining tasks, owners, dependencies, and milestone dates with rigorous tracking and proactive escalation of blockers.
  • Manage the junior GRC contractor: assign work, review deliverables, provide structured feedback, and ensure quality and consistency across outputs.
  • Run structured stakeholder meetings, produce clear meeting notes, action registers, and decision logs.
  • Maintain a living program dashboard visible to CISO and senior leadership reflecting current maturity scores, risk posture, and roadmap status.

Policy, Process & Control Development

  • Draft, revise, and finalize cybersecurity policies, standards, procedures, and control narratives required to close CSF gaps.
  • Design and implement repeatable processes for control execution — including access reviews, vulnerability management SLA tracking, patch governance, and control attestations.
  • Develop evidence collection templates, control calendars, and checklists to support ongoing monitoring post-engagement.
  • Build a governance repository (SharePoint, Confluence, or equivalent) organized for auditability and long-term operability.

Risk Management

  • Maintain a cybersecurity risk register aligned to CSF subcategories, capturing likelihood, impact, ownership, and remediation status.
  • Facilitate risk assessment workshops with IT, Engineering, and Quality stakeholders; document findings and drive decisions to closure.
  • Identify, document, and manage exceptions; develop compensating controls where remediation timelines extend beyond engagement scope. Stakeholder Engagement & Influence
  • Operate as the primary point of accountability for all NIST CSF maturity activities, working without direct authority over functional teams.
  • Build trusted relationships across IT, Engineering, Quality, Legal, and Regulatory Affairs to drive compliant outcomes.
  • Communicate program status, risk posture, and decisions clearly to both technical and executive audiences.
  • Deliver training or awareness content to stakeholders on relevant control expectations and their responsibilities.

Transition & Knowledge Transfer

  • Design all processes with handoff in mind: document workflows, runbooks, and control calendars sufficient for an internal team member to continue operating the program independently.
  • Conduct formal knowledge transfer sessions in the final 30 days of the engagement.
  • Produce a final engagement report summarizing maturity progress, residual gaps, and recommended next steps.

Required Experience

  • 7 years of experience in cybersecurity, GRC, or a closely related field.
  • Demonstrated hands-on experience leading a NIST CSF assessment, gap analysis, or maturity improvement program — OR equivalent depth in NIST 800-53, ISO 27001, SOC 2, or CMMC with proven ability to apply crosswalk to NIST CSF.
  • Strong project management skills: the ability to build and manage a formal program plan, track milestones, escalate risks, and deliver consistently on schedule.
  • Proven track record of working autonomously in contractor or consulting roles with minimal supervision.
  • Experience managing or mentoring junior team members and reviewing their work for quality.
  • Demonstrated ability to build processes and documentation from scratch that are designed to outlast the builder’s tenure.
  • Experience producing executive-facing reporting (dashboards, risk summaries, status decks).
  • Strong written communication skills — policies, procedures, and program documentation must be clear, concise, and audit-ready.

Preferred Qualifications

  • Prior engagement in a regulated industry (medical device, pharma, financial services, defense) where compliance rigor and documentation standards are high.
  • Familiarity with the NIST CSF v2.0 update and its new Govern function.
  • Experience with GRC platforms (ServiceNow GRC, Archer, Drata, Vanta, or similar).
  • Relevant certifications: CISM, CRISC, CGRC/CAP, CISSP, ISO 27001 Lead Implementer, or equivalent.
  • Familiarity with FDA cybersecurity guidance in the context of medical device GRC (a plus, not a requirement).

Working Style Requirements

  • Must be able to operate as a self-starter — define the work, not just execute it.
  • Must demonstrate structured thinking: organized, methodical, detail-oriented with an eye for process quality.
  • Must be comfortable with ambiguity and building structure in environments where it does not yet fully exist.
  • Must communicate proactively — surfacing issues, seeking alignment, and keeping stakeholders informed without being prompted.

Hourly Wage Estimation for Compliance Manager (NIST Cybersecurity Framework Maturity Lead) (Contract) in Aliso Viejo, CA
$60.00 to $76.00
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Compliance Manager (NIST Cybersecurity Framework Maturity Lead) (Contract)?

Sign up to receive alerts about other jobs on the Compliance Manager (NIST Cybersecurity Framework Maturity Lead) (Contract) career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$123,739 - $165,355
Income Estimation: 
$163,270 - $214,905
Income Estimation: 
$150,417 - $183,047
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Planet Pharma

  • Planet Pharma Watertown, MA
  • Reporting to the Director of Clinical Operations, this individual will play a key role in the planning, execution, and management of clinical trials, ensur... more
  • 8 Days Ago

  • Planet Pharma Woburn, MA
  • Talent Acquisition Coordinator Part-Time (20 hours/week) – onsite 2 days/week and as needed Job Summary: The Talent Acquisition Interview Scheduler support... more
  • 8 Days Ago

  • Planet Pharma Athens, GA
  • Duties Package vaccines, run machinery Label and package finished good To perform the duties associated with labeling, inspecting, and packaging of vaccine... more
  • 8 Days Ago

  • Planet Pharma Raleigh, NC
  • Role Represent regulatory on global and certain regional PRC (Promotional Review Committee) teams, SRC (Scientific Review Committee) teams and possess a th... more
  • 8 Days Ago


Not the job you're looking for? Here are some other Compliance Manager (NIST Cybersecurity Framework Maturity Lead) (Contract) jobs in the Aliso Viejo, CA area that may be a better fit.

  • Hoag Health System Costa Mesa, CA
  • Job Description The Program Manager Revenue Integrity Compliance supports implementation of the Revenue Integrity Compliance Program for Hoag Memorial Hosp... more
  • 20 Days Ago

  • Hoag Health System Costa Mesa, CA
  • Job Description Primary Duties and Responsibilities The Program Manager Revenue Integrity Compliance supports implementation of the Revenue Integrity Compl... more
  • 25 Days Ago

AI Assistant is available now!

Feel free to start your new journey!