IT & Compliance Manager

Remote Full-time
Who We Are:
LINK is a fast-growing Woman Owned Small Business (WOSB) that leverages human-centered design to support strategy, innovation, communication, change, and branding within the federal government and adjacent industry partners. At LINK, we partner with engineers, futurists, and thought leaders to untangle complexity, discover opportunity, and communicate clearly with visual stories. Let us be your partners in change.

About the Opportunity:
The IT & Compliance Manager is a hands-on leadership role responsible for managing LINK’s day-to-day IT operations, cybersecurity program, and regulatory compliance posture. This role is the company’s primary internal owner of IT governance and federal compliance, most critically, leading the organization through its Cybersecurity Maturity Model Certification (CMMC) Level 2 third-party assessment and maintaining certification on an ongoing basis. Operating within a Google Workspace and macOS environment, this role directs an external managed service provider (MSP) responsible for help desk support and device management, while serving as the internal authority on all IT and compliance decisions. The IT & Compliance Manager will build repeatable processes and a maturing IT infrastructure that supports LINK’s continued growth as a government contractor.

Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field
- 5 - 8 years of progressive IT leadership experience, including: 2+ years in a government contracting or federal consulting environment
- Demonstrated hands-on experience with CMMC, NIST SP 800-171, or equivalent federal cybersecurity frameworks
- Experience managing or overseeing a managed service provider relationship
- Hands-on experience with Google Workspace administration and enterprise security configuration
- Demonstrated experience managing macOS endpoints including Apple Business Manager and MDM platforms
- Proven ability to develop, document, and implement information security policies, SSPs, and POA&Ms
- Demonstrated ability to communicate complex technical and compliance concepts to non-technical leadership

Responsibilities:

CMMC & Regulatory Compliance
- Serve as the primary owner and internal lead for LINK’s CMMC Level 2 certification and third-party assessment (C3PAO) process
- Develop, maintain, and enforce the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all CMMC documentation
- Ensure continuous compliance with NIST SP 800-171 controls and CMMC Level 2 practices across all in-scope systems and processes
- Monitor evolving federal cybersecurity mandates including DFARS clauses, FAR, and CUI handling requirements
- Lead annual self-assessments and support recurring third-party assessments to maintain certification standing
- Manage and control Controlled Unclassified Information (CUI) policies, procedures, and employee training

Managed Service Provider (MSP) Oversight
- Manage LINK’s MSP relationship for help desk support, laptop provisioning, and device lifecycle management
- Define clear SLAs, performance expectations, and accountability structures for the MSP
- Ensure MSP operations are aligned with CMMC requirements and LINK’s security policies
- Evaluate MSP performance regularly and make recommendations regarding vendor continuation, renegotiation, or transition
- Act as the internal escalation point for all MSP-related issues and serve as the primary liaison for the vendor relationship

Process Development & Operational Maturity
- Assess and document current-state IT operations, identifying informal or undocumented processes that require standardization
- Develop a process maturity roadmap that prioritizes compliance-critical workflows and scales with organizational growth
- Design, document, and maintain SOPs for core IT functions including device provisioning, change control, and service request management
- Implement a formal IT change management process including change advisory, approval workflows, and rollback procedures
- Conduct regular process reviews to identify inefficiencies, close gaps, and incorporate lessons learned from audits and incidents

Cybersecurity & Incident Response
- Implement LINK’s cybersecurity program including threat monitoring, vulnerability management, and endpoint protection
- Develop, test, and maintain the Incident Response Plan (IRP) and Business Continuity/Disaster Recovery (BC/DR) plans
- Manage security awareness training and simulated phishing programs for all staff
- Manage identity and access management, multi-factor authentication (MFA), and least-privilege access controls

Business Operations & Technology Integration
- Collaborate with operations, program management, and finance to ensure IT and business systems support contract delivery
- Support business development and capture teams with IT/security sections for proposals, including CMMC compliance attestations
- Provide input to leadership on technology budget planning, forecasting, and vendor spend management
- Implement technology solutions that improve internal business operations, productivity, and scalability
- Support onboarding and off-boarding processes to ensure secure and efficient employee IT lifecycle management

Work Schedule:
- Full time, 40 hours per week
- Some travel required to attend relevant events and conferences, and participate in LINK team events

Salary:
We're committed to offering competitive compensation. While the salary range for this position is $105,000-$130,000, your final offer may be adjusted based on factors like experience and location.

Benefits:
- $100 monthly internet/cell phone stipend
- LINK sponsored healthcare benefits including medical, dental, vision
- Company-paid Short Term Disability Insurance
- 401K with employer contribution of up to 4%
- 11 Federal Holidays per year
- 15 days of Paid Time Off (PTO) per year
- Paid Holiday Time Off (Christmas Eve through the New Year)
- Annual bonus plan participation
- Annual profit sharing participation
- $2,000 Learning and Development program reimbursement
- Technology package that includes a LINK-owned MacBook Pro, monitor, mouse and keyboard

EOE