Director of IT

Who We Are: LINK is a fast-growing Woman Owned Small Business (WOSB) that leverages human-centered design to support strategy, innovation, communication, change, and branding within the federal government and adjacent industry partners. At LINK, we partner with engineers, futurists, and thought leaders to untangle complexity, discover opportunity, and communicate clearly with visual stories.  Let us be your partners in change. About the Opportunity: The Director of IT is a strategic and hands-on leadership role responsible for overseeing the company’s day-to-day IT operations, cybersecurity program, enterprise systems, and regulatory compliance posture. This role serves as the organization’s primary internal owner of IT governance and federal compliance, with a strong focus on leading and sustaining Cybersecurity Maturity Model Certification (CMMC) Level 2 readiness and broader security maturity initiatives. Operating within a Google Workspace and macOS environment, this role oversees an external managed service provider (MSP) responsible for help desk support and device management, while serving as the internal authority on IT operations, cybersecurity, compliance, and technology-related risk decisions. The Director of IT will build scalable processes, strengthen security controls, and mature the company’s IT infrastructure to support continued growth as a federal contractor. This role requires strong cross-functional partnership with Finance and Accounting to evaluate technology investments, vendor relationships, budgeting, and the affordability and scalability of IT and cybersecurity solutions. The ideal candidate is able to balance operational effectiveness, security requirements, compliance obligations, and business realities in a pragmatic and growth-oriented way. Reporting directly to the CEO, this individual will regularly interface with executive leadership, serving as a trusted advisor on cybersecurity, compliance, technology strategy, and operational risk. The role also requires comfort representing the organization in client-facing, audit-related, and business development discussions, including articulating the company’s compliance posture and security capabilities to external stakeholders. While overseeing day-to-day IT operations through the MSP, success in this role will be defined by the ability to drive cybersecurity and compliance maturity, influence enterprise technology decisions, support scalable growth, and position the company as a trusted and compliant federal contractor. Qualifications: Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience) 10+ years of progressive experience in IT, cybersecurity, or compliance roles 2+ years in a government contracting or federal consulting environment preferred Direct, hands-on experience leading or supporting CMMC Level 2 readiness and/or certification efforts (strongly preferred / prioritized) Demonstrated expertise with NIST SP 800-171 controls and implementing compliance programs in a business environment Proven experience developing, maintaining, and auditing SSPs, POA&Ms, and security policies in support of CMMC or similar frameworks Experience working directly with executive leadership, including the ability to communicate risk, tradeoffs, and compliance posture clearly Ability to participate in external-facing conversations (e.g., auditors, clients, partners) and represent the company’s cybersecurity capabilities Experience managing or overseeing a managed service provider (MSP) relationship Hands-on experience with macOS environments and endpoint management (e.g., Apple Business Manager, MDM platforms) preferred Experience with Google Workspace administration and security configuration is a plus Strong ability to build, document, and scale processes in a growing organization Responsibilities:  CMMC & Regulatory Compliance Serve as the primary internal owner and subject matter expert for CMMC Level 2 certification, leading all aspects of third-party assessment (C3PAO) readiness and execution Develop, maintain, and continuously improve the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all supporting CMMC documentation Ensure ongoing alignment with NIST SP 800-171 controls and CMMC Level 2 practices across all in-scope systems and processes Lead internal gap assessments, remediation planning, and evidence collection in preparation for audits Monitor and interpret evolving federal cybersecurity requirements, including DFARS, FAR, and CUI handling standards Own CUI policies, procedures, and employee training to ensure proper handling and compliance Provide regular updates to executive leadership on compliance status, risks, and required actions Managed Service Provider (MSP) Oversight Oversee LINK’s MSP for help desk support, device management, and IT operations, ensuring alignment with security and compliance requirements Establish clear expectations, SLAs, and accountability measures for MSP performance Ensure MSP-delivered services meet CMMC and internal security standards Evaluate MSP effectiveness and provide recommendations on vendor strategy, improvements, or changes Serve as the primary internal escalation point and relationship owner for the MSP Process Development & Operational Maturity Assess current-state IT and compliance processes, identifying gaps, risks, and opportunities for standardization Build and implement a process maturity roadmap focused on compliance readiness and scalability Develop, document, and maintain SOPs for key IT and compliance functions, including device management, access control, and change management Implement and enforce a structured IT change management process Continuously refine processes based on audit findings, incidents, and organizational growth needs Cybersecurity & Incident Response Implement and manage the company’s cybersecurity program, including threat monitoring, vulnerability management, and endpoint protection Develop, test, and maintain Incident Response (IR) and Business Continuity/Disaster Recovery (BC/DR) plans Lead security awareness training and phishing simulation programs Oversee identity and access management, including MFA and least-privilege principles Business Operations & Technology Integration Partner with operations, program management, and finance to ensure IT and compliance capabilities support contract delivery Support business development efforts by contributing to proposals, compliance narratives, and participating in client discussions related to cybersecurity posture Provide input to leadership on IT and security budgeting, forecasting, and vendor management Identify and implement technology solutions that improve internal operations and scalability Oversee onboarding and off-boarding processes to ensure secure and efficient user lifecycle management Work Schedule: Full time, 40 hours per week Some travel required to attend relevant events and conferences, and participate in LINK team events Salary: We're committed to offering competitive compensation. While the salary range for this position is $105,000-$130,000, your final offer may be adjusted based on factors like experience and location. Benefits: $100 monthly internet/cell phone stipend LINK sponsored healthcare benefits including medical, dental, vision Company-paid Short Term Disability Insurance 401K with employer contribution of up to 4% 11 Federal Holidays per year  15 days of Paid Time Off (PTO) per year  Paid Holiday Time Off (Christmas Eve through the New Year)  Annual bonus plan participation Annual profit sharing participation $2,000 Learning and Development program reimbursement Technology package that includes a LINK-owned MacBook Pro, monitor, mouse and keyboard EOE