Project Manager: CMMC Enclave Build & Multi-Business Rollout
(Azure + Microsoft Security | 3rd Party Managed Services)
Project duration: 6-9 months
Summary:
We are seeking a contract Project Manager to lead a high-visibility IT infrastructure and cybersecurity initiative to build a secure CMMC-aligned enclave in Azure and enable multiple businesses to onboard and operate within the environment to support third-party certification readiness.
The enclave's infrastructure and security services are delivered and operated by an outsourced managed services provider (MSP/MSSP). This role will manage execution across internal stakeholders and the MSP/MSSP, ensuring delivery is aligned to technical requirements, compliance expectations, timelines, and audit-ready documentation.
Key Responsibilities
- Lead end-to-end project execution for the expanded design, build, and rollout of a secure Azure-based CMMC enclave, supporting multiple business entities.
- Serve as the primary project manager coordinating across IT/Security stakeholders, business units, and the MSP delivering the environment.
- Develop and maintain the integrated project plan, timeline, milestones, and RAID log (risks/actions/issues/decisions).
- Manage vendor (MSP/MSSP) delivery, including scope alignment, execution tracking, dependencies, deliverable acceptance, and issue escalation.
- Establish clear scope boundaries between the enclave core baseline (shared services) and business-specific customization requirements.
- Coordinate technical implementation and readiness activities delivered through the MSP, including:
  - Azure landing zone / subscription structure, segmentation, and governance
  - Network design and isolation (hub/spoke, routing, connectivity, firewalling)
  - Identity and access management using Entra ID (Azure AD), MFA, RBAC, Conditional Access
  - Endpoint management and hardening using Intune and Defender for Endpoint
  - Security posture management and compliance monitoring using Microsoft Defender for Cloud
  - Centralized logging/monitoring using Microsoft Sentinel (SIEM), Log Analytics, alerting
  - Key management / secrets / encryption (Key Vault, encryption at rest/in transit)
  - Backup/recovery strategy, retention planning, and operational support readiness
- Drive creation of a repeatable multi-business onboarding framework, including intake, standard configurations, variation handling, and validation.
- Partner with Cybersecurity and compliance stakeholders to translate CMMC/NIST expectations into actionable work packages and measurable deliverables.
- Ensure operational processes are defined and adopted for the enclave, including access provisioning, change control, incident response coordination, and escalation paths.
- Drive documentation and audit readiness: policies, SOPs, control narratives, diagrams, and proof of operation (with evidence gathered from both internal teams and the MSP).
- Coordinate testing, validation, cutover planning, and go-live readiness; ensure post-launch stabilization ("hypercare") and transition to steady-state operations.
- Provide clear stakeholder communications and executive-level status reporting, proactively surfacing risks, schedule threats, and mitigation options.
- Process and track one-time and recurring project invoices against the budget. Develop, manage, and maintain the operating cost model for each of the included businesses.
Required Skills & Experience
- 7+ years of IT project/program management experience, including technical infrastructure and security programs.
- Demonstrated success managing delivery through third-party vendors / managed service providers, including milestone tracking, SLA/OLA alignment, escalation, and deliverable acceptance.
- Proven track record delivering complex, cross-functional initiatives involving infrastructure, identity, networking, and cybersecurity.
- Strong familiarity with Azure and Microsoft security ecosystem, including:
  - Azure core services and governance concepts
  - Entra ID (Azure AD), MFA, Conditional Access, RBAC
  - Microsoft Defender (Endpoint and Cloud)
  - Intune device management and compliance
  - Microsoft Sentinel (SIEM) and Log Analytics
- Working understanding of compliance-driven delivery and audit readiness (experience with CMMC, NIST 800-171, or similar frameworks strongly preferred).
- Ability to manage multiple stakeholders and onboard multiple business units with varying requirements and timelines.
- Strong documentation discipline and ability to drive teams (including vendors) to produce assessor-ready evidence.
- Excellent communication and leadership skills; comfortable working with executives, engineers, auditors/assessors, and vendor leadership.
- Tools proficiency: MS Project / Smartsheet / Jira / SharePoint, Visio (or similar).
Preferred Qualifications
- Experience supporting environments for CMMC Level 2 readiness and/or NIST SP 800-171 implementation programs.
- Strong knowledge of secure networking concepts (segmentation, private connectivity, firewalling, zero trust).
- Experience coordinating third-party assessment readiness activities (mock audits, evidence walkthroughs, remediation plans).
Certifications: PMP, CISSP, CISM, Azure certs (AZ-104/AZ-305/SC