Job ID - 417823
Job Title - CMMC Level 2 Project Manager
Skill - Project Management
Minimum Experience - 10 - 15 Years
Qualification - BACHELOR OF COMPUTER SCIENCE
Location - Blue Bell, PA
Must Have Technical/Functional Skills
The CMMC Level 2 Project Manager leads the planning, coordination, and execution of initiatives required to achieve and maintain Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance. This role partners across Information Security, Infrastructure, Application teams, Legal, HR, Procurement, and business stakeholders to deliver a structured compliance program aligned to NIST SP 800-171 requirements, Controlled Unclassified Information (CUI) protection expectations, assessment readiness, and ongoing certification maintenance.
Key Responsibilities
· Lead the end-to-end CMMC Level 2 program, including scope definition, project planning, governance, dependency management, risk tracking, issue resolution, and executive reporting.
· Coordinate cross-functional implementation of controls aligned to NIST SP 800-171 and CMMC Level 2 requirements for systems that store, process, or transmit CUI.
· Develop and maintain the integrated project plan, milestone schedule, RAID log, resource plan, and status reporting cadence.
· Partner with control owners to assess current-state maturity, identify gaps, prioritize remediation activities, and track closure of deficiencies.
· Drive development and maintenance of required compliance artifacts, including policies, procedures, system security plans, evidence inventories, diagrams, and assessment support documentation.
· Coordinate readiness activities for internal reviews, mock assessments, self-assessments, or C3PAO-led assessments, including interview preparation and evidence validation.
· Facilitate scoping decisions, boundary definition, enclave planning, and system inventory alignment to support defensible assessment readiness.
· Monitor POA&M items, remediation timelines, and control implementation progress to ensure readiness targets are met.
· Support SPRS-related coordination, affirmation preparation, and documentation needed for ongoing compliance activities, where applicable.
· Manage vendor, consultant, and assessor engagement activities related to the compliance program.
· Establish program governance forums and provide concise updates to leadership on schedule, risks, costs, dependencies, and certification readiness.
· Promote sustainable compliance by embedding repeatable processes, ownership clarity, and continuous monitoring practices after certification.
Required Qualifications
· Bachelor’s degree in Information Technology, Cybersecurity, Business, Project Management, or a related field, or equivalent practical experience.
· 5+ years of project or program management experience leading complex cross-functional initiatives.
· Direct experience supporting CMMC 2.0, NIST SP 800-171, DFARS cybersecurity requirements, or comparable regulated compliance programs.
· Strong understanding of CMMC Level 2 expectations, including protection of CUI, assessment readiness, evidence management, and remediation planning.
· Experience building and managing integrated project plans with multiple workstreams across technical and non-technical teams.
· Demonstrated ability to manage risks, dependencies, budgets, timelines, and stakeholder communication in a highly regulated environment.
· Strong written and verbal communication skills, including the ability to translate technical compliance requirements into clear business actions.
· Proficiency with project management methods, reporting tools, and governance processes.
Preferred Qualifications
· PMP, PRINCE2, Certified ScrumMaster, or similar project management certification.
· Experience working with defense contractors, government suppliers, or organizations handling CUI.
· Familiarity with C3PAO assessment preparation, SPRS submissions, and continuous compliance practices.
· Knowledge of related frameworks such as NIST SP 800-171A, NIST SP 800-53, FedRAMP, ISO 27001, or risk management frameworks.
· Experience coordinating cybersecurity, infrastructure, identity, endpoint, and policy remediation workstreams.
· Background in audit readiness, compliance documentation, or regulated control testing.
Core Competencies
· Program leadership and cross-functional coordination
· Compliance planning and execution discipline
· Risk and issue management
· Executive communication and stakeholder management
· Documentation governance and evidence organization
· Problem-solving and decision-making
· Attention to detail and follow-through
· Change management and organizational alignment
Success Measures
· Program milestones achieved on schedule.
· Documented reduction of control gaps and timely closure of remediation items.
· Assessment artifacts are complete, organized, and audit-ready.
· Stakeholders are aligned on scope, ownership, and compliance priorities.
· The organization achieves and sustains CMMC Level 2 readiness or certification with minimal disruption to operations.