Cyber Compliance Officer

At PMAT, we work on mission critical systems that directly support the warfighter, designing, building, and securing modern digital capabilities across cloud, data, and software environments. Our teams tackle complex, real-world challenges where delivery matters more than theory, and innovation is driven by curiosity, collaboration, and purpose.

In this role, you'll lead and mature PMAT's internal cybersecurity program, working alongside engineering, IT, and executive leadership to shape a strong, modern security posture. You'll protect corporate systems, manage enterprise risk, and help teams move fast and responsibly, enabling growth, innovation, and compliance without sacrificing agility.

About the role: The Cyber Compliance Officer is responsible for establishing , implementing, and maintaining the cybersecurity program for assigned information systems. You will ensure compliance with DoD, DON, and NIST requirements, manage risk, and serve as the senior cybersecurity authority responsible for corporate compliance oversight and project-level cybersecurity compliance as required .

Responsibilities:

Governance & Compliance

• Lead the Risk Management Framework (RMF) lifecycle for assigned systems.
• Maintain the System Security Plan (SSP) and all RMF artifacts.
• Ensure continuous monitoring, POA&M management, and annual reviews.
• Coordinate with AO, SCA, ISSO, and system owners.
• Lead corporate cybersecurity compliance initiatives including CMMC
  (32 CFR P art 170) , NIST SP 800-171, FISMA, CSIP, and related regulatory frameworks.
• Support project-level compliance activities as needed, including RMF documentation and validation efforts.
• Manage IATO/ATO and IATT/ATT processes and documentation.
• Conduct internal auditing and readiness assessments to ensure compliance posture.
• Ensure timely documentation updates across all security artifacts and compliance records.

Cybersecurity Program Leadership

• Develop and enforce cybersecurity policies and procedures.
• Oversee ISSOs and ensure proper execution of security tasks.
• Manage cybersecurity workforce qualifications (DoD 8140/8570).
• Conduct internal audits and readiness assessments.
• Lead incident response planning and ensure preparedness across corporate and project environments.

Technical Oversight

• Validate system configurations against STIGs and security baselines.
• Ensure vulnerability scanning, patching, and remediation.
• Oversee secure system design, integration, and change management.
• Approve or deny system changes from a cybersecurity perspective.

Risk Management

• Identify , document, and communicate cybersecurity risks.
• Recommend mitigations and risk acceptance strategies.
• Prepare risk briefings for leadership and the Authorizing Official.

Incident Response & Reporting

• Coordinate with the Cybersecurity Service Provider (CSSP).
• Ensure proper detection, reporting, and remediation of incidents.
• Maintain incident logs and after-action documentation.
• Develop and maintain formal incident response plans and tabletop exercises.

About Us: PMAT is an innovative small business founded with a passion for developing forward-leaning solutions from exceptional people that increase the mission's capability. We focus on designing and building impactful digital solutions that utilize modern cloud, data, and software concepts. Our passion is working on complex and progressive challenges such as edge platform computing, containerizing legacy platforms, distributed data platforms, or heterogeneous data analysis.

We recruit, retain , and foster a team motivated to pursue passions, investigate new ways of doing things, and embody an innovative and entrepreneurial spirit. We believe in being curious about every element of a problem and experiment relentlessly. We foster continuous learning in an environment that encourages positive collaboration and expands our capabilities. We tap into collective intelligence, acknowledging that the most brilliant people may not be in the room. Above all else , we believe that delivering and demonstrating is more potent than a sheet of paper. We are passionate about mission-centric design and delivering effective capabilities to and for the warfighter.

Whether you're an experienced engineer or just beginning your career, you'll work alongside experts who are committed to solving mission-critical problems. If you're passionate about using your skills to make a real difference, apply today and become part of a team that's shaping the future of defense technology!

Required Skills and Experience:

• 7-10+ years in cybersecurity or IT security with increasing responsibility.
• Experience leading RMF packages through ATO for DOD systems.
• Demonstrated experience supporting CMMC, NIST SP 800-171, FISMA, and related federal cybersecurity compliance frameworks.
• Experience managing IATO/ATO and IATT/ATT processes.
• Experience conducting cybersecurity audits and maintaining compliance documentation.
• Demonstrated ability to manage teams and coordinate across engineering, operations, and leadership in fast paced environments.
• Experience with classified systems: SIPR, JWICS /CWAN , SCI enclaves or equivalent secure environments.
• Executive communication and risk translation for non-technical leaders.
• Ability to build a culture of compliance without slowing operations.
• Strong documentation discipline and attention to detail
  including development and maintenance of a nnual cybersecurity training , workforce compliance reports and associated policies and procedures
• Stakeholder management across engineering, operations, and mission owners.
• Strategic thinking: aligning cybersecurity with mission outcomes.
• Cybersecurity Frameworks & Policy
  including System Security Plan (SSP) Security Assessment Plan (SAP) & Report (SAR) , POA&M management , Continuous Monitoring Strategy , Configuration Management Plan and Incident Response Plan s.
• Knowledge of NIST RMF (SP 800 37), NIST SP 800 53 security controls, NIST SP 800 171 (CUI),
  DoD 8500-series (e.g., DoDI 8500.01, DoDI 8510.01), DON CIO cybersecurity policy, CNSSI 1253, 1254, FedRAMP.

Education and Certification Requirements:

• Bachelor's or Master's degree in a STEM-related field (e.g., Computer Science, Information Systems, Engineering, Cybersecurity, or related discipline).
• IAM Level III (typical ISSM requirement)
  ie CISSP (most common) , CISM , GSLC or CCISO (less common but accepted) certification required at time of hire or within 12 months of hire

Citizenship and Clearance requirements:

• U.S. Citizenship required
• No dual citizenship
• Active DOD TS clearance is required
• Active TS SCI preferred

Location/Address:

• On-Site
• Ronson Court, San Diego, CA

Travel:

• Under 10% travel

Work Environment: PMAT offices as needed. In some cases, work in a government facility may be required . Travel may be required for customer engagement, team coordination, and potentially for business development.

PMAT is an equal-opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

#CJ