CMMC Program Manager

Job Description
CMMC Program Manager
Position Summary
The CMMC Program Manager for Level 2 Cybersecurity leads the planning, execution, and governance of the organization’s compliance with NIST SP 800‑171 and CMMC Level 2 requirements. This role oversees the people, processes, and technologies required to protect Controlled Unclassified Information (CUI), ensuring readiness for assessments by a Certified Third‑Party Assessment Organization (C3PAO). This role will partner with other corporate entities to drive cybersecurity initiatives, manage compliance projects, and maintain continuous adherence to federal contract requirements.
Key Roles & Responsibilities

• Serve as the primary liaison between corporate leadership, Operations, and technical teams regarding CMMC Level 2 requirements.
• Lead the development, execution, and maintenance of the organization’s CMMC compliance roadmap.
• Establish governance structures, reporting mechanisms, and project controls to ensure sustained compliance.
• Oversee cross‑functional project teams, set priorities, assign tasks, and ensure milestones are met.

CUI Identification & Operational Integration

• Collaborate with Operations to determine whether proposals, projects, or pursuits involve CUI.
• Ensure all CUI‑related activities follow NIST SP 800‑171 controls and CMMC Level 2 requirements.
• Guide operational teams through required cybersecurity processes, documentation, and evidence collection.

Security Controls Implementation

• Manage implementation of the 110 NIST SP 800‑171 security requirements across people, processes, and technology.
• Coordinate with IT and security teams to ensure technical controls (e.g., MFA, logging, access control, encryption) are properly deployed and maintained.
• Track Plan of Action & Milestones (POA&M) items and ensure timely remediation.

Vendor & Supply Chain Risk Management

• Ensure third‑party vendors, subcontractors, and service providers meet CMMC Level 2 requirements.
• Review contracts, validate vendor compliance, and manage supply chain cybersecurity risks.

Audit & Assessment Readiness

• Prepare documentation, artifacts, and evidence required for internal reviews and external C3PAO assessments.
• Lead mock assessments, gap analyses, and readiness reviews.
• Maintain continuous compliance posture and ensure audit findings are addressed promptly.

Training, Awareness & Workforce Eligibility

• Partner with HR to ensure employees working with CUI meet eligibility and screening requirements.
• Develop and deliver cybersecurity awareness and role‑based training programs.
• Promote a culture of security across the organization.

Risk Management & Reporting

• Identify cybersecurity risks, evaluate impact, and recommend mitigation strategies.
• Provide regular updates to leadership on compliance status, risks, and project progress.
• Maintain documentation, policies, and procedures aligned with federal cybersecurity standards.

Required Skills & Experience:

• Bachelor’s degree in technical discipline practices by the Firm including Engineering, Environmental Science or Geology and a minimum of 10 years’ related experience. Or in lieu of a degree, a minimum of 14 years’ related experience.
• Extensive program or project management experience leading complex, cybersecurity initiatives.
• Deep knowledge of CMMC Level 2, NIST SP 800‑171, and related frameworks (e.g., NIST CSF).
• Experience supporting cybersecurity compliance for federal contracts or defense‑related projects.
• Travel up to 50%.
• Strong understanding of audit processes, evidence collection, and risk analysis methodologies.
• Experience preparing for or participating in C3PAO assessments.
• Ability to influence and collaborate with stakeholders across technical and non‑technical teams.
• Excellent communication, leadership, and organizational skills.
• Experience with organizational change management is beneficial.
• Valid driver’s license with acceptable violation history.

This position has been categorized as a "Remote Only" position. “Remote Only” employees do not have a designated workspace at an office, and typically work from home or another location.
The national standard salary range for this position is $111,400 - $152,700. The base range may be adjusted based on the specific location of the applicant. Final agreed upon compensation is based upon individual qualifications and experience.
About Terracon
Terracon is a 100 percent employee-owned multidiscipline consulting firm comprised of more than 8,000 curious minds focused on solving engineering and technical challenges from more than 200 locations nationwide. Since 1965, Terracon has evolved into a successful multi-discipline firm specializing in environmental, facilities, geotechnical, and materials services. Terracon’s growth is due to our talented employee-owners exceeding expectations in client service and growing their careers with new and exciting opportunities in the marketplace.
Terracon’s vision of “Together, we are best at people” is demonstrated through our excellent compensation and benefits package. Based on eligibility, role and job status, we offer many programs including medical, dental, vision, life insurance, 401(k) plan, paid time off and holidays, education reimbursement, and various bonus programs.
EEO Statement
Terracon is an EEO employer. We encourage qualified minority, female, veteran and disabled candidates to apply and be considered for open positions. We do not discriminate against any applicant for employment, or any employee because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, age, or military status.