CMMC Program Manager
Two Five Solutions LLC - Washington, DC
Job Description

About Two Five Solutions

Two Five Solutions delivers cybersecurity, compliance, and IT services to defense contractors and government clients. We're problem solvers first; a tight-knit team that believes in doing more with less by leveraging automation, AI, and smart processes to deliver exceptional results without bloat.

Our approach is simple: small teams, high productivity, practical solutions. We specialize in helping organizations navigate complex compliance frameworks (CMMC 2.0, SOC 2, ISO 27001, PCI-DSS) while building resilient security and IT infrastructure. Whether it's managed compliance programs, security operations, or strategic IT buildouts, we focus on outcomes that matter, protecting our clients' operations and positioning them for growth.

We serve our customers with three core service areas: Modern IT Services (infrastructure, managed IT, AI/automation, strategic consulting), Security Services (managed SOC, risk assessments, vCISO), and Governance, Risk & Compliance (managed compliance programs, assessments, consulting).

The Role

We're seeking a CMMC Program Manager to lead our growing compliance practice. You'll own customer relationships for our CMMC compliance engagements, manage program delivery, and build scalable processes as we expand our customer base.
This is a high-impact role where you'll directly shape how defense contractors achieve and maintain their cybersecurity compliance.

You'll manage customer engagements, each requiring ongoing compliance program management, evidence collection for 110 CMMC 2.0 L2 controls, SSP and POA&M maintenance, and coordination with C3PAOs for certification assessments.

What You'll Do

Customer Program Leadership
- Own end-to-end compliance programs for defense contractor clients
- Conduct gap assessments against and CMMC 2.0 L2 requirements
- Develop and maintain System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms)
- Lead mock assessments and certification readiness reviews
- Serve as primary client point of contact for strategic compliance direction

Assessment & Audit Management
- Coordinate C3PAO relationships and manage the certification assessment process
- Prepare clients for CMMC audits and serve as liaison with assessors
- Validate technical and administrative controls across client environments
- Identify gaps and develop practical remediation plans

Documentation & Governance
- Create and update policies, procedures, and compliance documentation
- Manage compliance artifacts in Compliance Automation platforms like Drata
- Maintain evidence repositories and control validation records
- Ensure alignment with DFARS 7012, NIST 800-171, and CMMC 2.0 requirements

Team Development & Process Building
- Guide and mentor compliance analysts performing day-to-day evidence collection
- Build standardized delivery processes and playbooks that scale
- Identify opportunities for automation and AI to improve service delivery
- Contribute to practice growth and service offering development

What You Bring

Required:
- 5+ years in cybersecurity compliance, risk management, or GRC roles
- Deep working knowledge of NIST 800-171 and CMMC 2.0 framework
- Experience managing compliance programs or customer engagements
- Demonstrated ability to author SSPs, POA&Ms, and security documentation
- Understanding of DoD contracting requirements (DFARS, FAR)
- Strong client-facing communication skills
- Ability to translate technical security controls into business context

Preferred:
- Certified CMMC Professional (CCP) or Registered Practitioner (RP)
- Experience with C3PAO assessment processes
- Familiarity with GCC-High or government cloud environments
- Background in SOC 2, FedRAMP, ISO 27001, or other compliance frameworks
- Experience with compliance management platforms (Drata, Vanta, etc.)
- CISSP, CISA, or similar security certification

Working Style:
- Self-directed and comfortable managing multiple customer programs simultaneously
- Practical problem-solver who focuses on outcomes over perfection
- Thrives in a small team environment where efficiency and productivity matter
- Collaborative team player who can also work independently
- Clear, direct communicator who avoids corporate jargon
- Interested in leveraging technology and automation to scale impact

What We Offer
- Competitive salary commensurate with experience
- In-person collaborative work environment in Washington, DC
- Opportunity to build and shape a growing compliance practice
- Work with mission-focused defense contractors and government clients
- Direct impact on national security supply chain protection
- Small team where your contributions directly affect company success
- Culture that values productivity, problem-solving, and innovation

Location

Washington, DC. This is an in-person position. Remote work may be considered for exceptional candidates in specific circumstances.

Created: 2026-03-04