Senior Manager Audit and Compliance

Who are we?

 MIT Lincoln Laboratory is a Federally Funded Research and Development Center (FFRDC) whose mission is research in support of National Security.

* Mission - The Security Department’s (SD) overall mission is to enable research and development while keeping the Lincoln Laboratory community safe and secure through the protection of information, network, facilities and personnel.
* Culture – We foster an inclusive, opportunity-filled environment of empowered team members from diverse backgrounds

What will you do?

The Senior Security Manager, Audit & Compliance is responsible for leading the Laboratory’s independent security assurance and compliance program across unclassified, collateral, and special access environments. Reporting directly to the Chief Security Officer (CSO)/Chief Information Security Officer (CISO), this role provides objective oversight of security compliance, audit readiness, risk management, and continuous improvement efforts. The position operates independently from mission-support security functions and serves as a key advisor to executive leadership on organizational security posture, regulatory compliance, and inspection readiness. 

Key Responsibilities
* Lead and manage the Laboratory’s security audit, compliance, inspection, and risk assessment programs. 
* Supervise a team of security auditors, compliance specialists, and risk management professionals. 
* Develop and implement audit methodologies, compliance monitoring processes, and risk-based assessment strategies. 
* Plan and oversee self-inspections, government security reviews, compliance assessments, CMMC evaluations, CORA readiness activities, privacy reviews, and corrective action validation efforts. 
* Prepare the organization for DCSA, Air Force, Intelligence Community, and program sponsor-led inspections and assessments. 
* Monitor changes to government security regulations and provide guidance to leadership on compliance requirements and associated risks. 
* Evaluate security controls, classified facility compliance, access control procedures, safeguarding practices, and physical security requirements. 
* Develop compliance metrics, dashboards, and executive reports to measure program effectiveness and identify trends. 
* Lead corrective and preventive action (CAPA) initiatives and continuous improvement efforts to strengthen security performance and reduce risk. 
* Partner with Laboratory leadership, government representatives, and oversight organizations to ensure effective remediation and long-term compliance. 
* Support policy development, governance initiatives, workforce training, and organizational awareness programs that promote a culture of compliance and accountability. 

What you need/Requirements:

For this position, you must meet these basic requirements: Bachelor’s degree in Security Management, Cybersecurity, Information Assurance, Business Administration, Criminal Justice, or a related field, or equivalent combination of education and experience. 
* Minimum of 10 years of experience in industrial security, compliance, audit, inspection, or risk management within a cleared defense, intelligence, federal research, or government contractor environment. 
* Minimum of 7 years of leadership experience managing professional staff and complex security programs. 
* Demonstrated success leading enterprise-level audit, compliance, inspection, or assessment programs and supporting government inspections. 
* Strong knowledge of NISPOM 32 CFR Part 117, CUI requirements, DAAG, ICDs, DO Manuals, DoD security regulations, CMMC 2.0, NIST frameworks, risk management principles, and audit methodologies. 
* Exceptional communication, analytical, and leadership skills, with the ability to brief senior executives, government officials, and external auditors. 
* Candidates must possess one or more of the following audit, security, or compliance certifications, or be able to obtain it within 12 months of hire: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified CMMC Assessor (CCA) ISO 19011 Lead Auditor Training Certificate
* Active Top Secret security clearance with eligibility for access to compartmented programs. 
* Availability for occasional travel and after-hours support during security incidents or inspections. 
* Position may require local and overnight travel.
* Subject to pre-employment and periodic background investigations.

Ideally, you will have:

* Experience supporting FFRDC/UARCs, Department of War organizations, Intelligence Community agencies, or major defense contractors. 
* Experience with SAP, SCI, and compartmented security programs. 
* Experience managing DCSA Security Vulnerability Assessments and other government oversight activities. 
* Experience implementing governance, risk, and compliance (GRC) tools and leading enterprise continuous improvement initiatives. 
* Professional certifications such as CISA, CISSP, CISM, CompTIA Security+, CRISC, Certified CMMC Assessor (CCA), ISO 19011 Lead Auditor, or related security and compliance credentials.