IT and Security Manager (On-Site)  Overview  We’re hiring a hands-on IT & Security Manager to lead our company through the CMMC certification process—from gap assessment and remediation planning to control implementation, evidence collection, and assessment readiness—while owning on-site IT operations, security governance, and compliance. You’ll administer Microsoft 365 and core IT platforms, secure our enclaves and endpoints, run SIEM/vulnerability/IR workflows, and lead audits (CMMC, NIST, FedRAMP alignment). You’ll report to the COO, collaborate closely with engineering, operations, and leadership, and ensure controls are effective without disrupting production.  Key Responsibilities  CMMC Program Leadership  * Own CMMC end-to-end: Gap analysis → remediation roadmap → control implementation (SSP/POA&M) → objective evidence library → assessment readiness.  * Assessment readiness: Coordinate internal audits, stakeholder drills, assessor engagement, and track findings to closure.  * Vendor due diligence and contract clauses for CUI handling.  IT Operations (ITSM) & Asset Lifecycle  * Service reliability: Own M365 tenant administration (Entra ID/SSO, Intune, Exchange, SharePoint/OneDrive), core IT services, and helpdesk workflows.  * Asset management: Provisioning, inventory, and lifecycle for laptops, peripherals, and enclave hardware; maintain CMDB accuracy.  * On/Offboarding: Role-based access, least-privilege, and auditable user transitions.  * Change management: Define CAB/approvals, back-out plans, and maintenance windows with minimal disruption.  Security Engineering & SecOps  * Controls & hardening: Enclaves, endpoints, VMs/containers (policy baselines, MFA, encryption in transit/at rest).  * SIEM & monitoring: Manage detections, triage alerts, and lead incident response/post-mortems.  * Vulnerability management: Scans (e.g., Nessus), risk-based prioritization, remediation SLAs, and verification.  * Network & endpoint security: Firewalls, VPNs (WireGuard/OpenVPN/IPsec), IDS/IPS, EDR, device posture.  * Automation: PowerShell, Bash, and Python for baselines, hardening, and evidence capture.  Security Evaluations (Software/Hardware)  * Tool & hardware reviews: Perform security evaluations of software tools and hardware (pre-procurement and periodic) to ensure compliance with CMMC/NIST controls and internal standards.  * Standards & artifacts: Assess against benchmarks, DISA STIGs, vendor hardening guides; verify SBOMs, patch cadence, logging/telemetry, data residency, encryption, and identity integrations (SSO/MFA/SCIM).  * 3rd-party risk: Run security questionnaires, review pen-test/SOC 2/FedRAMP reports, and document compensating controls and residual risk.  Compliance, Audit & Risk  * Framework ownership: CMMC, NIST 800-171/53, CSF; support FedRAMP alignment where applicable.  * Documentation: Maintain SSP, POA&M, policies/standards, diagrams, data flows, and objective evidence mapped to practices.  * Assessments & audits: Internal audits, vendor risk reviews, external assessor support.  * Training & awareness: Security and CUI handling enablement across teams.  On-Site Responsibilities  * Hands-on enclave access/process support, break/fix triage, and lab/office network hygiene.  * Vendor/tooling evaluation, renewals, and contracts that meet security/compliance needs.    Required Qualifications  * 5+ years in IT operations/service management and security within regulated/public-sector or similar environments.  * CMMC/NIST 800-171 leadership (gap analysis, remediation, evidence, assessor readiness).  * M365 administration (Entra ID/SSO, Intune, Exchange, SharePoint/OneDrive) and endpoint management.  * SecOps: SIEM, vulnerability management, incident response; strong network security fundamentals.  * Scripting/automation: PowerShell, Bash, and/or Python.  * Communication & leadership: Clear writing, stakeholder influence, cross-team enablement.  * Education: Bachelor’s in CS/IT/Cybersecurity or equivalent experience.  * US Citizenship required.  Preferred Qualifications * CISSP, CISM, Security+, or audit certs (e.g., CISA).  * Experience with container hardening and Terraform/Kubernetes governance (policy/admission controls)—advisory/controls focus.  * Familiarity with FedRAMP, DoD IL4/IL5 expectations and evidence workflows.  * Project management experience running multi-team initiatives.  Nice to Have Qualifications: * Exposure to spatial/immersive tech or game-engine security.  * Cloud or full-stack development experience (for automation/internal tools).  * Experience supporting public-sector customers and responding to RFP/security questionnaires.