Job Description
Position Overview The Director of CMMC Services serves as the inaugural leadership position responsible for building and leading a team to develop and manage a CMMC-focused Managed Services Offering. This role initially combines virtual Chief Information Security Officer (vCISO) duties—encompassing cybersecurity strategy and client compliance guidance—with Director of Operations responsibilities, including processes, personnel, tools, and organizational structure. The incumbent will design and establish the business from its foundational stages, serving as the primary vCISO for clients until the organization grows sufficiently to hire a dedicated individual for that role.
The Director of CMMC Services will collaborate on the design, implementation, and oversight of all operational and compliance frameworks, working in close partnership with a CMMC consultant. This includes defining roles, responsibilities, and workflows for the Service Desk, Partner Success, Technical Alignment, Design Desk, and Project Services teams, ensuring alignment with the TruMethods framework.
Key Responsibilities CMMC Program Leadership • Define and lead the CMMC service delivery framework, including assessment, remediation, and monitoring processes.
• Collaborate with the CMMC consultant to act as vCISO for clients, delivering compliance roadmaps, policies, and risk management strategies.
• Partner with the CMMC consultant to develop processes for evidence collection, System Security Plan (SSP) and Plan of Actions and Milestones (POAM) creation, and ongoing compliance maintenance.
• Ensure all client engagements comply with NIST SP 800-171 and CMMC certification requirements.
Operations and Business Development • Develop and document Standard Operating Procedures (SOPs) for all departments, including Service Desk, Partner Success Manager (PSM), Technical Alignment Manager (TAM), Design Desk, and Project Services (PS), with validation from the CMMC consultant.
• Contribute to the selection, implementation, and optimization of the Managed Service Provider (MSP) tool stack, such as Professional Services Automation (PSA), Remote Monitoring and Management (RMM), compliance tools, and documentation systems.
• Assist in defining service tiers, packaging, and pricing for CMMC-aligned MSP offerings.
• Collaborate with the CMMC consultant to establish a governance structure, including weekly operations reviews, monthly compliance reviews, and client Quarterly Business Reviews (QBRs).
Leadership and Management • Assemble the initial team and oversee:
o Service Desk Manager (SDM), who manages Service Desk Engineers (SD1–3).
o Partner Success Manager (PSM), responsible for client relationships and vCIO functions.
o Technical Alignment Manager (TAM), focused on standards, best practices, and compliance alignment.
o Design Desk, which translates TAM and PSM findings into standardized solutions, scopes, and Statements of Work (SOWs) for delivery by Project Services.
o Project Services (PS), responsible for executing projects and compliance initiatives.
• Mentor, train, and develop the team in CMMC methodologies and MSP best practices.
• Partner with the Chief Security Officer (CSO) to advance business strategy, proposals, and client acquisition.
Qualifications • 10+ years of experience in cybersecurity, compliance, and operational leadership, with a preference for MSP or Managed Security Service Provider (MSSP) environments.
• In-depth knowledge of CMMC, NIST SP 800-171, and Defense Federal Acquisition Regulation Supplement (DFARS), with at least 5 years of hands-on experience in implementing and managing these frameworks.
• Demonstrated success in building or scaling service delivery teams, with at least 7 years in leadership roles involving team assembly, mentoring, and process development.
• Preferred certifications: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CMMC-AB Registered Practitioner (RP) or Certified CMMC Professional (CCP), Project Management Professional (PMP), and IT Infrastructure Library (ITIL).
Job Tags
Full time, Remote work,