Jobs · Information Technology · Connecticut

Security and Compliance Manager

Aero Gear · Windsor, CT · 1 wk ago
Information TechnologyFull-time

About the role

The Security and Compliance Manager is responsible for managing Aero Gear's cybersecurity program and maintaining the organization's compliance posture across various regulatory frameworks.

Responsibilities

  • Manage and maintain the organization's cybersecurity tool stack, including EDR, SIEM, email security, identity management, multi-factor authentication, and privileged access management solutions.
  • Own and operate Aero Gear's CMMC Level 2 compliance program for IT, including maintaining the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and Assessment Workbook in alignment with NIST SP 800-171 Rev 2 and applicable DFARS requirements.
  • Create, publish, maintain, and version-control the full library of IT security and compliance policies, procedures, standards, and work instructions; ensure documentation is current, accessible, and audit-ready at all times.
  • Work directly with Aero Gear's internal auditor and any third-party assessors (C3PAOs) to facilitate compliance reviews, provide evidence packages, and coordinate timely remediation of identified gaps or findings.
  • Plan, organize, and lead tabletop exercises and drills covering cybersecurity incident scenarios, business continuity, and regulatory compliance situations; document outcomes and drive improvement actions.
  • Collaborate with department managers and process owners across the organization to assess security and compliance risks associated with IT systems, data handling practices, and proposed technology changes.
  • Manage vulnerability and patch compliance programs across endpoints, servers, and network infrastructure; track remediation to closure and report risk posture to IT leadership.
  • Administer and monitor user access controls, identity governance, and privileged account management in accordance with least-privilege principles and CMMC/NIST requirements.
  • Collaborate with department managers and process owners across the organization to assess security and compliance risks associated with IT systems, data handling practices, and proposed technology changes.
  • Coordinate and track security awareness training programs, phishing simulation campaigns, and compliance education initiatives for all personnel.
  • Monitor and respond to security alerts, events, and incidents; maintain and test the incident response plan and serve as a key responder during active incidents.
  • Evaluate new and existing vendor relationships for security and compliance risk; maintain a vendor risk register and support supply chain risk management activities.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience.
  • 5+ years of progressive experience in IT security, compliance, or a combined role.
  • Direct, hands-on experience with CMMC Level 2 or NIST SP 800-171 compliance programs strongly preferred.
  • Experience in a defense manufacturing or ITAR-regulated environment is a significant plus.
  • Security certifications are strongly preferred: CompTIA Security+, CISSP, CISM, or equivalent.
  • Certifications such as CompTIA A+, Network+, or Microsoft Certified Professional (MCP) are a plus.
  • CMMC Registered Practitioner (RP) or Certified Professional (CP) designation is a plus.
  • Experience with Export Control administrative responsibilities is a plus.

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience.
  • 5+ years of progressive experience in IT security, compliance, or a combined role.
  • Direct, hands-on experience with CMMC Level 2 or NIST SP 800-171 compliance programs strongly preferred.
  • Experience in a defense manufacturing or ITAR-regulated environment is a significant plus.
  • Security certifications are strongly preferred: CompTIA Security+, CISSP, CISM, or equivalent.
  • Certifications such as CompTIA A+, Network+, or Microsoft Certified Professional (MCP) are a plus.
  • CMMC Registered Practitioner (RP) or Certified Professional (CP) designation is a plus.
  • Experience with Export Control administrative responsibilities is a plus.

Similar jobs