
Technical Project Manager (Security)

Job Description
Job Summary
We are seeking a hands-on Technical Program Manager (TPM) to lead the implementation of Cybersecurity Maturity Model Certification (CMMC) Level 2 and beyond, while also driving compliance with other relevant control families (e.g., NIST SP 800-171, ISO 27001, and similar frameworks). This role requires a technically proficient individual who can actively contribute to the development of security controls, policies, and technical documentation, rather than solely focusing on administrative tasks. The ideal candidate will balance program management responsibilities (such as coordinating cross-functional teams, tracking milestones, and facilitating meetings) with direct technical involvement to ensure robust, actionable cybersecurity outcomes. You will play a pivotal role in enhancing our organization's security posture, reporting directly to the Head of IT Security, and collaborating with engineering, compliance, and operations teams.
Key Responsibilities
- Lead CMMC Implementation: Drive the end-to-end rollout of CMMC 2.0 requirements, including assessment preparation, gap analysis, control implementation, and certification readiness. Focus on Levels 1-3, ensuring protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
- Manage Compliance Across Control Families: Oversee integration and alignment with additional cybersecurity frameworks, such as NIST, CIS Controls, or industry-specific standards, to create a cohesive compliance strategy.
- Hands-On Technical Contributions: Actively author and review technical documents, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), policies, procedures, and architecture diagrams. Participate in vulnerability assessments, control testing, and remediation efforts to ensure practical, effective implementations.
- Program Management Execution: Develop and maintain project roadmaps, timelines, and resource allocation for security initiatives. Track progress using tools like Jira, Microsoft Project, or similar, while facilitating stakeholder meetings, risk assessments, and status reporting.
- Cross-Functional Collaboration: Work closely with IT, engineering, legal, and external auditors to align on objectives, resolve technical blockers, and foster a culture of security awareness. Provide technical guidance to team members and contribute to problem-solving sessions.
- Risk and Issue Management: Identify, prioritize, and mitigate risks related to compliance and security implementations. Conduct regular audits and simulations to validate control effectiveness.
- Continuous Improvement: Stay abreast of evolving cybersecurity regulations and best practices, recommending enhancements to processes and tools to streamline compliance efforts.
- Reporting and Metrics: Prepare executive-level reports on program status, compliance metrics, and key performance indicators (KPIs), ensuring transparency and data-driven decision-making.
While administrative duties such as meeting facilitation, note-taking, and schedule management are essential, this role emphasizes direct technical impact and team contribution over pure oversight.
Required Qualifications
- Education: Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as Certified CMMC Professional (CCP), CISSP, CISM, or PMP are highly preferred.
- Experience: 5+ years in technical program management, with at least 3 years focused on cybersecurity compliance frameworks like CMMC, NIST, or equivalent. Proven track record of hands-on implementation in security projects, including authoring technical artifacts.
- Technical Skills: Strong understanding of cybersecurity controls, including access management, encryption, incident response, and network security. Proficiency in tools for documentation (e.g., Confluence, Microsoft Visio) and project management (e.g., Agile/Scrum methodologies).
- Soft Skills: Excellent communication and interpersonal skills, with the ability to translate complex technical concepts to non-technical stakeholders. Demonstrated ability to work independently and collaboratively in a fast-paced environment.
- Other: Must be eligible to work with sensitive information and pass necessary background checks. Experience in regulated industries (e.g., defense, government contracting) is a plus.
Preferred Skills
- Familiarity with cloud security (e.g., AWS, Azure) and DevSecOps practices.
- Experience with automation tools for compliance monitoring (e.g., scripting in Python, integration with SIEM systems).
- Prior involvement in third-party assessments or audits for CMMC or similar certifications.
Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.
Access to US export-controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses; this is not something candidates need to have before applying.
