CMMC Compliance Manager / ISSO jobs in United States

GE Vernova · 6 days ago

CMMC Compliance Manager / ISSO

GE Vernova is seeking a highly motivated CMMC Compliance Manager to ensure compliance with Cybersecurity Maturity Model Certification standards. The role involves developing compliance strategies, conducting audits, and collaborating with various teams to enhance the company's cybersecurity posture.

Energy · Energy Efficiency · Sustainability
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Develop and implement CMMC compliance strategies and policies to ensure that all research and development activities meet CMMC standards
Conduct regular audits and assessments to identify and mitigate cybersecurity risks and vulnerabilities
Collaborate with cross-functional teams, including IT, legal, and project management, to ensure CMMC compliance across all projects and initiatives
Provide training and guidance to employees on CMMC requirements and best practices
Stay current with CMMC updates and industry trends and advise leadership on necessary adjustments to compliance strategies
Prepare and maintain documentation required for CMMC certification and audits
Work with external auditors and certification bodies to facilitate CMMC assessments and certifications
Develop and maintain a CMMC compliance program that aligns with GE Vernova’s overall cybersecurity strategy
Ensure compliance with all applicable U.S. Government security regulations for information systems and networks under the NIST Risk Management Framework (RMF) process in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM)
Perform and review technical security assessments to identify vulnerabilities and ensure compliance with information assurance standards and regulations
Conduct regular security audits and assessments
Prepare, modify and review system security plans (SSP)
Identify information system risks and possible mitigation measures, documenting these in various risk reports and Plans of Action and Milestones (POA&Ms)

Qualifications

CMMC compliance, Cybersecurity principles, Risk management, NIST 800-171, ISO 27001, CMMC certification, Analytical skills, Federal regulations, Security technologies, CUI regulations, IAT Level II certification, RMF, STIGs, Communication skills, Interpersonal skills, Problem-solving skills

Required

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. A Master's degree is a plus
Professional certification in CMMC (e.g., CMMC Registered Practitioner, CMMC Provisional Assessor) is required
Minimum of 6-7 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800-171, ISO 27001)
Strong understanding of cybersecurity principles, risk management, and compliance frameworks
Excellent communication and interpersonal skills, with the ability to collaborate effectively with diverse teams
Strong analytical and problem-solving skills, with the ability to identify and mitigate cybersecurity risks
Familiarity with federal cybersecurity regulations and standards, particularly those relevant to the defense industries
Ability to maintain a U.S. security clearance; U.S. citizenship is a prerequisite for clearance
Knowledge of security technologies, such as CCTV systems, access control systems, and cybersecurity tools

Preferred

Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800-171 and DFARS
Familiarity with FAR, DFARS, ITAR, and EAR regulations and how they apply to CUI handling
Experience developing and overseeing CUI programs to ensure compliance with federal regulations
An active U.S. security clearance
IAT Level II certification
Knowledge of NIST Risk Management Framework (RMF), DCSA Assessment and Authorization Process Manual (DAAPM), National Industrial Security Program Operating Manual (NISPOM), and NISP Enterprise Mission Assurance Support Service (eMASS)
Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), classified computer operations, and experience with the technical configuration requirements for various operating systems
Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD security controls (technical, management, operational), within RMF packages

Benefits

Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling, and referral services.
Retirement benefits include the GE Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants.
Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.

Company

GE Vernova

GE Vernova provides energy consulting, gas power, and grid solutions.

Funding

Current Stage: Public Company
Total Funding: $7.68M
Key Investors: U.S. Department of Energy Office of Electricity, ARPA-E
2024-12-03 · Grant · $1.99M
2024-12-03 · Grant · $2.99M
2024-11-18 · Grant · $2.7M

Leadership Team

Scott Reese
President and CEO, GE Digital
Scott Strazik
Chief Executive Officer
Company data provided by crunchbase