Security and Compliance Manager
Aero Gear · Windsor, CT · 1 wk ago
Information TechnologyFull-time
About the role
The Security and Compliance Manager is responsible for managing Aero Gear's cybersecurity program and maintaining the organization's compliance posture across various regulatory frameworks.
Responsibilities
- Manage and maintain the organization's cybersecurity tool stack, including EDR, SIEM, email security, identity management, multi-factor authentication, and privileged access management solutions.
- Own and operate Aero Gear's CMMC Level 2 compliance program for IT, including maintaining the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and Assessment Workbook in alignment with NIST SP 800-171 Rev 2 and applicable DFARS requirements.
- Create, publish, maintain, and version-control the full library of IT security and compliance policies, procedures, standards, and work instructions; ensure documentation is current, accessible, and audit-ready at all times.
- Work directly with Aero Gear's internal auditor and any third-party assessors (C3PAOs) to facilitate compliance reviews, provide evidence packages, and coordinate timely remediation of identified gaps or findings.
- Plan, organize, and lead tabletop exercises and drills covering cybersecurity incident scenarios, business continuity, and regulatory compliance situations; document outcomes and drive improvement actions.
- Collaborate with department managers and process owners across the organization to assess security and compliance risks associated with IT systems, data handling practices, and proposed technology changes.
- Manage vulnerability and patch compliance programs across endpoints, servers, and network infrastructure; track remediation to closure and report risk posture to IT leadership.
- Administer and monitor user access controls, identity governance, and privileged account management in accordance with least-privilege principles and CMMC/NIST requirements.
- Collaborate with department managers and process owners across the organization to assess security and compliance risks associated with IT systems, data handling practices, and proposed technology changes.
- Coordinate and track security awareness training programs, phishing simulation campaigns, and compliance education initiatives for all personnel.
- Monitor and respond to security alerts, events, and incidents; maintain and test the incident response plan and serve as a key responder during active incidents.
- Evaluate new and existing vendor relationships for security and compliance risk; maintain a vendor risk register and support supply chain risk management activities.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience.
- 5+ years of progressive experience in IT security, compliance, or a combined role.
- Direct, hands-on experience with CMMC Level 2 or NIST SP 800-171 compliance programs strongly preferred.
- Experience in a defense manufacturing or ITAR-regulated environment is a significant plus.
- Security certifications are strongly preferred: CompTIA Security+, CISSP, CISM, or equivalent.
- Certifications such as CompTIA A+, Network+, or Microsoft Certified Professional (MCP) are a plus.
- CMMC Registered Practitioner (RP) or Certified Professional (CP) designation is a plus.
- Experience with Export Control administrative responsibilities is a plus.
Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience.
- 5+ years of progressive experience in IT security, compliance, or a combined role.
- Direct, hands-on experience with CMMC Level 2 or NIST SP 800-171 compliance programs strongly preferred.
- Experience in a defense manufacturing or ITAR-regulated environment is a significant plus.
- Security certifications are strongly preferred: CompTIA Security+, CISSP, CISM, or equivalent.
- Certifications such as CompTIA A+, Network+, or Microsoft Certified Professional (MCP) are a plus.
- CMMC Registered Practitioner (RP) or Certified Professional (CP) designation is a plus.
- Experience with Export Control administrative responsibilities is a plus.