Senior Manager Governance, Risk, and Compliance

Senior Manager Governance, Risk, and Compliance

CACI Enterprise Services is seeking a Senior Manager of Governance, Risk, and Compliance
. This role is pivotal in ensuring that our organization adheres to stringent regulatory requirements and maintains a robust control environment. You will manage a team of 5 Information Assurance and Compliance Analysts and one Team Lead, driving compliance initiatives while fostering a culture of continuous improvement and risk management.

• Coordinate, facilitate, and supervise compliance and assurance processes, including ISO 27001 internal and external assessments, internal and external IT SOX audits, and third‑party compliance assessments for IT‑relevant services (NIST SP800‑171, CMMC).
• Oversee corporate and program‑specific system security plan (SSP) reviews and associated NIST SP800‑171a assessments.
• Manage the review and assessment of Outside Service Provider SOC 1 and SOC 2 reports to ensure compliance with contractual obligations and industry standards.
• Conduct formal reviews of SOC reports, identify gaps or improvement areas, and work with service providers to address them.
• Respond to cyber attestation solicitations from contracts, ensuring all required documentation and evidence are provided timely and accurately.
• Collaborate with internal teams and external partners to gather necessary information and evidence for cyber attestations.
• Monitor remediation and corrective action plans at the corporate and program enclave level to ensure timely and effective resolution of compliance issues.
• Communicate and collaborate with IT teams to improve security compliance, manage risk, and enhance system control effectiveness.
• Build and maintain strong relationships with Internal Audit, Cyber Security, and Risk Management teams at all levels.
• Stay current on IT regulatory requirements (SOX, SEC) and gain exposure to cybersecurity practices (NIST 800.x) and industry regulations (DFARS, CMMC).
• Maintain high standards for internal communication through email, company portals, and knowledge base and policy documentation.

Required:

• Bachelor’s degree in Auditing, Management Information Systems, Information Assurance, Cybersecurity, or related field.
• 5+ years of progressive experience in Information Technology Auditing, Consulting, or a related field, with at least 2 years in a managerial role.
• Experience with CMMC, DFARS 252.204‑7012, 7019, 7020, and 7021, ISO 27001, NIST SP800‑171a, and/or Sarbanes–Oxley (SOX).
• Proven experience leveraging auditing principles and methods to evaluate policies, processes, and systems to identify risks and control gaps.
• Experience documenting, understanding, and evaluating IT governance and risk management concepts and IT general controls and practices, such as IT infrastructure, cybersecurity, change management, and application control processes.
• Experience creating and maintaining policies and procedures.
• Clear articulation and exceptional written and verbal communication skills.

Desired:

• CISSP, CIA, CISA, CRISC, or other relevant certifications.
• Security Clearance.
• Experience in a regulated industry such as Government Contracting.

Pay Range: $94,600 - $208,000

We offer competitive compensation, benefits, and learning and development opportunities. Benefits include healthcare, wellness, financial, retirement, family support, continuing education, and time‑off benefits.

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.