Department: Security & Compliance
Reports to: Vice President
Job type: Onsite preferred, remote available
Job Description
Winsor Consulting Group is seeking an experienced Director of Compliance to lead and mature our enterprise and client-facing compliance programs. This role is ideal for a strategic compliance leader with deep expertise in CMMC, NIST frameworks, HIPAA, and CJIS, and experience supporting regulated environments including DoD contractors, healthcare organizations, law enforcement agencies, and financial institutions.
The Director of Compliance will oversee governance, risk, and compliance (GRC) initiatives, ensure regulatory alignment, and guide clients through complex cybersecurity compliance requirements. This position plays a critical role in protecting sensitive data, maintaining contractual eligibility, and strengthening our clients’ security posture.
Job Duties:
- Lead and scale Winsor’s CMMC compliance program, ensuring consistent, high-quality service delivery aligned to DoD and C3PAO expectations.
- Oversee CMMC Level 1 and Level 2 readiness assessments, gap analyses, remediation planning, and audit preparation.
- Serve as the firm’s primary Subject Matter Expert (SME) for CMMC 2.0 and related frameworks including NIST SP 800-171, DFARS 252.204-7012/7021, and NIST CSF, with working oversight of HIPAA Security Rule and CJIS Security Policy requirements.
- Provide executive-level advisory services to clients regarding compliance posture, risk exposure, and remediation strategy across CMMC and other applicable regulatory frameworks.
- Direct the development and maintenance of SSPs, POA&Ms, policies, standards, and structured compliance documentation.
- Establish standardized compliance delivery methodologies, SOPs, and quality assurance controls.
- Ensure secure architecture alignment and control implementation within client environments.
- Manage third-party assessments, including C3PAO coordination and POA&M closeout validation.
- Oversee HIPAA risk analyses and CJIS compliance validation efforts where applicable.
- Monitor regulatory updates and proactively evolve client and internal compliance programs.
- Lead, mentor, and grow Winsor’s compliance team, defining technical standards and career development paths.
- Partner with Sales and Account Management to support discovery, solution architecture, and positioning of compliance services.
- Contribute to the strategic evolution and profitability of Winsor’s Security & Compliance service offerings.
- Promote a culture of accountability, documentation rigor, and audit readiness across client engagements.
- Deep expertise in CMMC 2.0 and NIST-based control environments, including NIST SP 800-171, DFARS 252.204-7012/7021, and cross-framework control mapping.
- Strong understanding of governance, risk, and compliance (GRC) program design and enterprise compliance architecture.
- Demonstrated ability to translate regulatory requirements into scalable, repeatable service delivery models within an MSP environment.
- Executive-level communication skills with the ability to advise business leaders on compliance risk, contractual eligibility, and remediation strategy.
- Proven leadership capability in building and mentoring high-performing compliance or security teams.
- Working knowledge of security technologies (e.g., vulnerability management, endpoint protection, logging/monitoring, boundary protection) and their role in supporting regulatory compliance.
- Working knowledge of HIPAA Security Rule and CJIS Security Policy requirements, including risk analysis and validation expectations.
- Experience managing external audits, C3PAO coordination, and structured evidence collection processes.
- Strong analytical and problem-solving skills with the ability to balance regulatory rigor with operational practicality.
- Understanding of the MSP business model, including SLA-driven service delivery and client lifecycle management.
- Ability to operate effectively in a fast-paced, client-facing advisory environment.
- 7-10+ years of experience in cybersecurity compliance, risk management, or governance.
- 5+ years in a leadership role overseeing regulatory compliance programs.
- Direct hands-on experience with CMMC implementation and audit preparation.
- Experience working for an MSP or in a similar service delivery environment is highly preferred, with a proven track record of assisting clients with achieving and maintaining compliance.
- Demonstrated success in managing security projects and delivering security services to external clients, including projects focused on CMMC readiness.
- Proven experience in developing and implementing security policies, procedures, and standards, with a strong understanding of how these align with compliance frameworks.
- Strong understanding of NIST-based control environments and cross-framework control mapping.
- Experience supporting DoD contractors, healthcare organizations, or public sector agencies preferred.
- Successful experience managing and mentoring technical teams, including guiding them on compliance-related tasks.
Relevant professional certifications such as CMMC RP, CCP, CCA, CISSP, CISM, CISA, CRISC, HCISPP or Certified HIPAA Professional are highly preferred.