Implementation Specialist, CMMC

New York, NYHybridPosted Jul 9, 2026
Apply
At Secureframe, we are not just a company; we are at the forefront of revolutionizing cybersecurity compliance. Recognized as one of the industry's most innovative and trusted providers, Secureframe has consistently received accolades for our advanced technology solutions and commitment to excellence. With a robust portfolio of products that safeguard thousands of businesses worldwide, we have been featured in major publications such as Forbes’ next billion dollar startups, TechCrunch, and The Wall Street Journal for our transformative impact on the way companies achieve and maintain compliance standards.   As we continue to grow, our mission remains clear: to provide seamless, secure compliance solutions that enable businesses to focus on what they do best. Joining Secureframe means becoming part of a dynamic team dedicated to professional excellence and continuous learning in an environment that values creativity and forward-thinking.   Secureframe is backed by top VCs including Kleiner Perkins, Accomplice, Gradient Ventures (Google’s AI Fund), BoxGroup, Village Global, and many more. At Secureframe, we are not just a company; we are at the forefront of revolutionizing cybersecurity compliance. Recognized as one of the industry's most innovative and trusted providers, Secureframe has consistently received accolades for our advanced technology solutions and commitment to excellence. With a robust portfolio of products that safeguard thousands of businesses worldwide, we have been featured in major publications such as Forbes’ next billion dollar startups, TechCrunch, and The Wall Street Journal for our transformative impact on the way companies achieve and maintain compliance standards.   As we continue to grow, our mission remains clear: to provide seamless, secure compliance solutions that enable businesses to focus on what they do best. Joining Secureframe means becoming part of a dynamic team dedicated to professional excellence and continuous learning in an environment that values creativity and forward-thinking.   Secureframe is backed by top VCs including Kleiner Perkins, Accomplice, Gradient Ventures (Google’s AI Fund), BoxGroup, Village Global, and many more.

About the Implementation Team


The Implementation team sits within Secureframe's customer organization and works closely with Sales, Customer Success, Product, Engineering, Security, Support, and our partner ecosystem. This team is responsible for helping customers move from signed contract to real operational readiness: scoped environments, configured platform workflows, clear control ownership, evidence collection, remediation tracking, and a credible path to CMMC assessment.
This is an early role on a team we are building from scratch. The right person is not only comfortable delivering customer implementations; they want to help define what excellent CMMC implementation looks like at Secureframe. You will create playbooks, improve handoffs, identify repeatable delivery patterns, pressure-test service packaging, and help turn early
customer engagements into a scalable implementation motion.


About the Role

  As an Implementation Specialist focused on CMMC, you will lead hands-on implementation projects for customers pursuing CMMC and, where applicable, more advanced defense readiness requirements. You will serve as the primary customer-facing owner for implementation execution, coordinating across internal teams, external partners, and customer
stakeholders.
This role requires strong project leadership, technical fluency, customer empathy, and comfort operating in ambiguity. CMMC customers often need more than software onboarding: they need help understanding scope, CUI and FCI handling, SSP and POA&M workflows, asset categorization, evidence expectations, secure environment decisions, partner responsibilities, and C3PAO readiness. You will not be expected to personally perform every technical remediation, but you must be able to understand the work, drive accountability, and help the customer make steady progress.

About the Implementation Team


The Implementation team sits within Secureframe's customer organization and works closely with Sales, Customer Success, Product, Engineering, Security, Support, and our partner ecosystem. This team is responsible for helping customers move from signed contract to real operational readiness: scoped environments, configured platform workflows, clear control ownership, evidence collection, remediation tracking, and a credible path to CMMC assessment.
This is an early role on a team we are building from scratch. The right person is not only comfortable delivering customer implementations; they want to help define what excellent CMMC implementation looks like at Secureframe. You will create playbooks, improve handoffs, identify repeatable delivery patterns, pressure-test service packaging, and help turn early
customer engagements into a scalable implementation motion.


About the Role

  As an Implementation Specialist focused on CMMC, you will lead hands-on implementation projects for customers pursuing CMMC and, where applicable, more advanced defense readiness requirements. You will serve as the primary customer-facing owner for implementation execution, coordinating across internal teams, external partners, and customer
stakeholders.
This role requires strong project leadership, technical fluency, customer empathy, and comfort operating in ambiguity. CMMC customers often need more than software onboarding: they need help understanding scope, CUI and FCI handling, SSP and POA&M workflows, asset categorization, evidence expectations, secure environment decisions, partner responsibilities, and C3PAO readiness. You will not be expected to personally perform every technical remediation, but you must be able to understand the work, drive accountability, and help the customer make steady progress.

What You'll Do

  • Lead end-to-end CMMC implementations for new and existing Secureframe customers, owning the customer experience from kickoff through handoff and readiness milestones.
  • Translate customer requirements into clear implementation plans, including scope, timeline, milestones, owners, risks, dependencies, and success criteria.
  • Help customers understand and operationalize CMMC requirements, including Level 1 FCI basics, Level 2 CUI handling, NIST SP 800-171 control expectations, SSP and POA&M workflows, evidence collection, asset inventory, and audit-readiness preparation.
  • Partner with customers to identify where CUI lives today across email, file sharing, cloud applications, endpoints, engineering systems, specialized equipment, facilities, and third-party providers.
  • Coordinate implementation work across Secureframe product configuration, control mapping, evidence automation, policies, procedures, owner assignments, remediation tracking, and readiness reporting.
  • Support secure-environment planning discussions, including identity, endpoint management, logging, network segmentation, GCC High or Azure Government considerations, Google Workspace hardening, virtual desktops, physical controls, and partner-led remediation where relevant.
  • Work with Sales and Customer Success to improve pre-sale scoping, implementation estimates, customer expectation-setting, and handoff quality.
  • Collaborate with CMMC partners, MSPs, consultants, auditors, and C3PAOs while maintaining clear boundaries around Secureframe's role in preparation, platform tooling, implementation support, and independent assessment.
  • Deliver live customer training and working sessions that help customers assign owners, collect evidence, remediate gaps, and use Secureframe as their operating system for CMMC readiness.
  • Build repeatable implementation assets, including kickoff templates, project plans, RACI models, discovery questionnaires, evidence checklists, status reports, readiness criteria, risk registers, and handoff runbooks.
  • Identify patterns across implementations and feed those insights back to Product, Engineering, Sales, Customer Success, and leadership.
  • Use AI and automation thoughtfully to accelerate repeatable implementation work, summarize customer context, surface risks, and improve time to value.

What Success Looks Like

  • Customers know exactly what they need to do, who owns each workstream, and how Secureframe supports their path to readiness.
  • Implementations move from broad CMMC ambition to concrete operating rhythm: scoped assets, assigned controls, evidence owners, remediation plans, reporting, and handoff.
  • Secureframe develops a repeatable CMMC implementation motion that can serve very small businesses, SMBs, mid-market companies, and more complex defense contractors without reinventing the process every time.
  • Sales and Customer Success have sharper implementation packaging, better scoping inputs, and more confidence setting customer expectations.
  • Product and Engineering receive clear feedback on what CMMC customers actually need to deploy, prove, and maintain readiness.

About You

  • You have 2-5 years of experience in implementation, professional services, customer success, project management, technical consulting, GRC, security compliance, or a similar customer-facing delivery role.
  • You are a builder. You enjoy creating structure where it does not yet exist, documenting what works, improving rough processes, and helping a new team scale beyond heroic one-off delivery.
  • You are comfortable with ambiguity and early-stage operating environments. You can make progress with incomplete information, identify the next best step, and keep customers moving without waiting for every answer to be perfect.
  • You have strong project-management instincts and can manage timelines, dependencies, risks, executive visibility, and cross-functional accountability.
  • You are technically fluent enough to discuss identity, endpoints, cloud environments, logging, access control, asset inventory, network boundaries, and secure collaboration with IT and security stakeholders.
  • You understand, or are motivated to quickly learn, CMMC, NIST SP 800-171, CUI, FCI, SSPs, POA&Ms, evidence management, audit readiness, and the defense industrial base.
  • You can work with a wide range of customers, from founder-led teams with minimal IT capacity to larger organizations managing multiple departments, frameworks, facilities, and stakeholders.
  • You are customer-centered and pragmatic. You can explain complex compliance and technical concepts in plain language and help customers make decisions that fit their business, risk, and timeline.
  • You communicate clearly in writing and live meetings, including project plans, status updates, executive summaries, implementation risks, and internal feedback.
  • You are resourceful with modern tools, including AI, and interested in building smarter workflows for implementation delivery.

Nice to Have

  • Experience with CMMC, NIST SP 800-171, DFARS 252.204-7012, FedRAMP, ITAR, GCC High, Azure Government, AWS GovCloud, or defense-sector customers.
  • Experience implementing or administering GRC platforms, compliance automation tools, ticketing systems, identity providers, MDM, EDR, SIEM, cloud collaboration suites, or secure enclave environments.
  • Experience in professional services, managed services, security consulting, audit readiness, or partner-assisted delivery.
  • Project management certification, security certification, or GRC certification such as PMP, CSM, Security+, CISA, CISM, CRISC, CCSK, or equivalent practical experience.
  • Experience building implementation playbooks, service packages, onboarding programs, or customer delivery operations from an early stage.

Why This Role Matters


CMMC is becoming a market-access requirement for thousands of companies that support the defense ecosystem. Many of these customers are not large defense primes with mature compliance teams. They are aerospace manufacturers, IT services firms, engineering companies, construction suppliers, security providers, universities, and specialized small
businesses that need a practical way to prove readiness without losing focus on their core business.
Secureframe is in a strong position to help these customers because CMMC work touches areas our platform already supports: evidence, controls, policies, vendors, personnel, assets, remediation, readiness reporting, and multi-framework reuse. But winning this market requires more than software. It requires a high-trust implementation motion that helps customers scope correctly, move quickly, coordinate partners, and operationalize the program. This role will help build that motion.


Working Style


This role is remote-friendly. Some customer or company travel may be required for strategic implementations, team planning, or partner/customer events
Benefits: - Industry-competitive salary and equity - Medical, dental, and vision benefits for you and your dependents - Flexible time off so you can rest, recharge, and stay at your best - 401(k) - Paid family leave - Ground floor opportunity as an early member of the team   Secureframe is an equal opportunity employer. We aim to create an environment where every team member at Secureframe feels like they belong so they can have a greater impact on our business and customers. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.   Collaboration, connection, and having fun with colleagues is an important part of our culture as a remote first company.  Therefore, all employees must be able to travel by air to company offsites two to four times per year (reasonable accommodations will be made where appropriate).   We've become aware of fraudulent job offers and recruiters falsely claiming to represent Secureframe.    Please note: 1. Official Communication: All genuine Secureframe recruiting communication and job offers are sent from @secureframe.com email addresses. 2. No Fees: We never ask for payments or fees from job applicants at any stage.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free