The Director, CIDO Compliance is a senior leadership role accountable for developing and executing a comprehensive compliance strategy across the CIDO organization. The position drives the creation of the CIDO Compliance Charter and Annual Plan, ensuring that all information systems adhere to internal policies, regulatory frameworks, and external standards.
The role partners with Cybersecurity, IT Operations, Internal Audit, Legal, and Sector CIDOs to implement continuous compliance monitoring, incorporate compliance-by-design practices, and manage key compliance initiatives such as CMMC, SOX, and Internal Audit outcomes.
This position is based out of Falls Church, VA, but can also be filled at any of Northrop Grumman's major locations.
ESSENTIAL FUNCTIONS
• Develop and execute a comprehensive CIDO-wide compliance strategy, including the creation of the CIDO Compliance Charter and Annual Plan.
• Ensure adherence to internal policies, regulatory frameworks, and external standards across all information systems.
• Implement continuous compliance monitoring capabilities and embed compliance-by-design practices into enterprise operations.
• Oversee the implementation and ongoing validation of critical compliance initiatives, including CMMC practices, SOX compliance, and remediation of Internal Audit outcomes and actions.
• Ensure evidence-based compliance for all unclassified and classified information systems across the enterprise.
• Partner with Cybersecurity, IT Operations, and Sector CIDOs to drive the consistent implementation and management of compliance activities and reporting.
• Define success metrics and establish improvement plans for operational activities, such as patching and internal phishing tests.
• Develop and maintain a centralized control repository, metrics dashboard, and executive-level compliance reports for senior leadership.
• Identify and leverage automation tools to streamline compliance checks and reduce manual efforts.
BASIC QUALIFICATIONS
• Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field.
• A minimum of 12 years of progressive experience in compliance, cybersecurity, or IT governance, with at least 5 years in a senior management or director-level role.
• Demonstrated experience in developing and executing long-term compliance strategies within complex, highly regulated environments.
• Proven knowledge and hands-on experience with compliance initiatives such as CMMC, SOX, and IT General Controls (ITGC).
• This position may require the ability to obtain or maintain a government security clearance.
PREFERRED QUALIFICATIONS
• Master’s degree in Cybersecurity, Information Assurance, Business Administration, or a related discipline.
• Relevant professional certifications (e.g., CISM, CRISC, CISSP, or similar).
• Prior experience in the defense, aerospace, or high-technology sectors.
• Proven track record in establishing control libraries, accountability models, and compliance governance forums.
• Experience working with regulatory frameworks including DFARS, NIST SP 800-171, NIST SP 800-53, SOX, and DCAA.
KEY SKILLS & COMPETENCIES
• Ability to design and execute a long-term compliance roadmap that supports business strategy and regulatory requirements.
• Expertise in establishing control libraries, accountability models, and effective compliance governance forums.
• Strong stakeholder diplomacy – ability to balance regulatory rigor with operational practicality and foster cross-functional influence.
• Change leadership skills with a demonstrated ability to shift organizational culture toward proactive compliance.
• Advanced analytical and risk management skills with a focus on technical and regulatory compliance.
• Technical expertise in industry standards and regulatory frameworks including CMMC, DFARS, NIST SP 800-171, NIST SP 800-53, SOX, DCAA, and ITGC controls.
TRAVEL
• This position may require up to 10-15% domestic travel for compliance reviews, stakeholder engagements, and audit assessments.