IT Compliance Supervisor - Public Sector, Operations

Orlando, FL, United States

BDO USA

BDO delivers assurance, tax, and financial advisory services that are tailored to our clients' industry, unique needs and goals.


Job Summary: 

The IT Compliance Supervisor leads the development and oversight of the compliance program and its staff, supporting governance, risk, and compliance efforts across Information Technology teams, business executives, and their respective organizations.
 

Job Duties:

  • Advises senior leadership on interpreting and applying FedRAMP, NIST SP 800‑53, NIST SP 800‑171 Rev 2, NIST CSF, CMMC 2.0, and ISO 27000 requirements to optimize cybersecurity posture and CUI protection
  • Develops and maintains multi‑year strategic plans and implementation roadmaps that align with NIST SP 800‑171 control families, CMMC 2.0 Level 2 practices, and DFARS 252.204‑7012 mandates
  • Evaluates contracts, Statements of Work, and vendor agreements to ensure inclusion of FAR 52.204‑21, DFARS 252.204‑7012, and other funding, legal, and program requirements, and verifies contractors’ System Security Plans and POA&Ms meet NIST SP 800‑171 standards
  • Performs risk assessments per NIST SP 800‑30 methodology—identifying threats, vulnerabilities, and impacts—to support cost‑benefit analyses and residual risk decisions under DFARS requirements
  • Interprets U.S. Codes (Titles 10, 18, 32, 50), Presidential Directives, OMB A‑130, and federal/state privacy laws to inform organizational cybersecurity and privacy policies
  • Analyzes audit findings, continuous monitoring data, and non‑compliance trends to assess their impact on CMMC maturity and enterprise cybersecurity effectiveness, and prepares detailed audit and assessment reports mapping findings to NIST SP 800‑171 controls with prioritized remediation strategies and POA&Ms
  • Promotes awareness of cybersecurity and privacy principles—least privilege, defense in depth, data minimization—across all levels of management to embed them into the organization’s mission and goals
  • Provides expert guidance on cyber threats (phishing, ransomware, insider threat) and network security methodologies (firewalls, IDS/IPS, segmentation) as outlined in NIST SP 800‑171 families SC and SI
  • Collaborates with General Counsel, External Affairs, and business units to ensure that new and existing systems, services, and vendor practices comply with DFARS 252.204‑7012 CUI safeguarding, privacy obligations, and organizational consent/authorization requirements
  • Crafts clear, role‑based policies, SOPs, and instructional materials that align privacy objectives with security controls and satisfy CMMC 2.0 practice statements
  • Translates complex technical and planning information into concise briefings for non‑technical stakeholders to secure buy‑in for NIST and CMMC initiatives
  • Monitors advancements in information privacy laws, accreditation standards, CMMC updates, and privacy‑enhancing technologies to adapt organizational controls and maintain compliance
  • Works across IT, Legal, HR, and other departments to integrate privacy and security objectives, ensuring business processes support both CUI protection and operational goals
  • Determines whether security incidents constitute privacy breaches under applicable legal standards and coordinates necessary legal and regulatory actions
  • Other duties as required

Supervisory Responsibilities: 

  • Oversees and manages compliance activities, including supervision of other compliance staff

Qualifications, Knowledge, Skills, and Abilities: 

Education:

  • High School Diploma or GED, required
  • Bachelor's degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, preferred
  • Forty (40) hours of continuing education annually (may include professional memberships, forums, lunch and learns, roundtables, online training courses, and maintaining certifications), required

Experience:

  • Five (5) or more years of relevant experience, required

License/Certifications:

  • Industry‑recognized certifications, such as CISM, CASP+, CISSP, CISA, Security+, or other IT credentials demonstrating knowledge of cybersecurity and compliance fundamentals, preferred

Other Knowledge, Skills, and Abilities: 

  • Knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, NIST CSF, Cybersecurity Maturity Model Certification (CMMC)
  • Knowledge of computer networking concepts and protocols, and network security methodologies
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
  • Knowledge of cybersecurity and privacy principles
  • Knowledge of cyber threats and vulnerabilities
  • Knowledge of specific operational impacts of cybersecurity lapses
  • Knowledge of applicable business processes and operations of customer organizations
  • Knowledge of Privacy Impact Assessments
  • Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures
  • Knowledge of what constitutes a "threat" to a network
  • Knowledge of who the organization's operational planners are, how and where they can be contacted, and what their expectations are
  • Knowledge of privacy disclosure statements based on current laws
  • Skill in creating policies that reflect the business's core privacy objectives
  • Skill in communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)
  • Ability to develop clear directions and instructional materials
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
  • Ability to develop, update, and/or maintain standard operating procedures (SOPs)
  • Ability to select the appropriate implant to achieve operational goals
  • Ability to tailor technical and planning information to a customer's level of understanding
  • Ability to monitor advancements in information privacy laws to ensure organizational adaptation and compliance
  • Ability to work across departments and business units to implement organization's privacy principles and programs and align privacy objectives with security objectives
  • Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance
  • Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action

Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world. 

At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team.  BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions. 

We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:

  • Welcoming diverse perspectives and understanding the experience of our professionals and clients
  • Empowering team members to explore their full potential
  • Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
  • Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
  • Focus on resilience and sustainability to positively impact our people, clients, and communities
  • BDO Total Rewards that encompass so much more than traditional “benefits”

*Benefits may be subject to eligibility requirements.

Equal Opportunity Employer, including disability/vets

