IT Cybersecurity Compliance Manager

At Weston Solutions, Inc. you will do meaningful work and make valuable contributions.
Employee-ownership at Weston is a path to professional growth and access to diverse opportunities in a highly connected community that works together across key service areas to make a difference in all the markets we serve. Weston continues to evolve and adapt to our changing world as a premier provider of environmental and infrastructure services for over sixty-five years. In both the public and private sectors our teams help identify, solve, mitigate, and manage critical environmental, energy and infrastructure issues to help clients achieve a more sustainable future.

Weston is seeking an IT Cybersecurity Compliance Manager. Also known as a Cybersecurity Maturity Model Certification (CMMC) Compliance Specialist, this individual will lead efforts to achieve and maintain compliance with the CMMC program at the appropriate level as required by government contracts. This position is responsible for assessing, implementing, and overseeing cybersecurity practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Location: West Chester, PA

KEY ACCOUNTABILITIES

1. Lead and perform CMMC Level 2 readiness assessments and gap analyses.
2. Oversee the implementation of cybersecurity practices across 14 domains, including Access Control, Incident Response, and Risk Assessment that align with the families specified in the National Institute of Standards and Technology (NIST) SP 800-171.
3. Prepare documentation and evidence for CMMC audits.
4. Prepare for and facilitate CMMC assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO).
5. Assist internal teams in understanding CMMC requirements and their impact on organizational processes, technology, and security posture.
6. Develop and deliver CMMC-related training programs for employees and stakeholders.
7. Coordinate security awareness training on recognizing and reporting potential indicators of insider threats.
8. Stay current on CMMC program changes and evolving cybersecurity standards from NIST and other relevant bodies.
9. Help evaluate any related external frameworks or standards (e.g., ITIL, COBIT, GDPR, CCPA National Institute of Standards and Technology [NIST] IT Standards, ISO 27001/27002, Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.

QUALIFICATIONS, EXPERIENCE, & SKILLS

1. A bachelor’s degree in computer science, information security, or a related field is preferred.
2. Minimum of 5 years of experience in cybersecurity, with a focus on compliance frameworks, preferred.
3. In-depth knowledge of NIST SP 800-171 and related CMMC program requirements and standards.
4. Experience in the PreVeil Enterprise Solution is preferred.
5. Excellent interpersonal, communication, and conflict resolution skills.
6. Strong project management and excellent organizational skills.
7. Proven leadership and team management capabilities.
8. Meticulous attention to detail and commitment to ensuring the highest quality standards.
9. Proficient with Microsoft Office 365, i.e., Word, Excel, SharePoint.
10. Certification in the field of expertise is preferred, i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Internal Auditor (CIA).
11. Candidate must hold or be eligible for security clearance at the Secret level.

These job requirements are not exhaustive, and other duties may be assigned. WESTON reserves the right to modify the job description as needed.

We fully invest in our people: Weston provides a generous, comprehensive benefits package program that offers employees high value options with solid financial protection, meeting the personal needs of its people and their families.

1. Medical, Dental, Vision, 401K with base and matching employer stock contributions.
2. Paid time that includes personal, holiday and parental leave.
3. Life and disability plans.
4. Critical illness and accident plans.
5. Work/Life flexibility.
6. Professional development opportunities.

Compensation will vary based upon experience, education, skill level, and other compensable factors.