Director of IT

Who We Are: LINK is a fast-growing Woman Owned Small Business (WOSB) that leverages human-centered design to support strategy, innovation, communication, change, and branding within the federal government and adjacent industry partners. At LINK, we partner with engineers, futurists, and thought leaders to untangle complexity, discover opportunity, and communicate clearly with visual stories. 

Let us be your partners in change.

About the Opportunity:

The Director of IT is a strategic and hands-on leadership role responsible for overseeing the company’s day-to-day IT operations, cybersecurity program, enterprise systems, and regulatory compliance posture. This role serves as the organization’s primary internal owner of IT governance and federal compliance, with a strong focus on leading and sustaining Cybersecurity Maturity Model Certification (CMMC) Level 2 readiness and broader security maturity initiatives.

Operating within a Google Workspace and macOS environment, this role oversees an external managed service provider (MSP) responsible for help desk support and device management, while serving as the internal authority on IT operations, cybersecurity, compliance, and technology-related risk decisions. The Director of IT will build scalable processes, strengthen security controls, and mature the company’s IT infrastructure to support continued growth as a federal contractor.

This role requires strong cross-functional partnership with Finance and Accounting to evaluate technology investments, vendor relationships, budgeting, and the affordability and scalability of IT and cybersecurity solutions. The ideal candidate is able to balance operational effectiveness, security requirements, compliance obligations, and business realities in a pragmatic and growth-oriented way.

Reporting directly to the CEO, this individual will regularly interface with executive leadership, serving as a trusted advisor on cybersecurity, compliance, technology strategy, and operational risk. The role also requires comfort representing the organization in client-facing, audit-related, and business development discussions, including articulating the company’s compliance posture and security capabilities to external stakeholders.

While overseeing day-to-day IT operations through the MSP, success in this role will be defined by the ability to drive cybersecurity and compliance maturity, influence enterprise technology decisions, support scalable growth, and position the company as a trusted and compliant federal contractor.

Qualifications:

Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience)

10+ years of progressive experience in IT, cybersecurity, or compliance roles

2+ years in a government contracting or federal consulting environment preferred

Direct, hands-on experience leading or supporting CMMC Level 2 readiness and/or certification efforts (strongly preferred / prioritized)

Demonstrated expertise with NIST SP 800-171 controls and implementing compliance programs in a business environment

Proven experience developing, maintaining, and auditing SSPs, POA&Ms, and security policies in support of CMMC or similar frameworks

Experience working directly with executive leadership, including the ability to communicate risk, tradeoffs, and compliance posture clearly

Ability to participate in external-facing conversations (e.g., auditors, clients, partners) and represent the company’s cybersecurity capabilities

Experience managing or overseeing a managed service provider (MSP) relationship

Hands-on experience with macOS environments and endpoint management (e.g., Apple Business Manager, MDM platforms) preferred

Experience with Google Workspace administration and security configuration is a plus

Strong ability to build, document, and scale processes in a growing organization

Responsibilities: 

CMMC & Regulatory Compliance

Serve as the primary internal owner and subject matter expert for CMMC Level 2 certification, leading all aspects of third-party assessment (C3PAO) readiness and execution

Develop, maintain, and continuously improve the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all supporting CMMC documentation

Ensure ongoing alignment with NIST SP 800-171 controls and CMMC Level 2 practices across all in-scope systems and processes

Lead internal gap assessments, remediation planning, and evidence collection in preparation for audits

Monitor and interpret evolving federal cybersecurity requirements, including DFARS, FAR, and CUI handling standards

Own CUI policies, procedures, and employee training to ensure proper handling and compliance

Provide regular updates to executive leadership on compliance status, risks, and required actions

Managed Service Provider (MSP) Oversight

Oversee LINK’s MSP for help desk support, device management, and IT operations, ensuring alignment with security and compliance requirements

Establish clear expectations, SLAs, and accountability measures for MSP performance

Ensure MSP-delivered services meet CMMC and internal security standards

Evaluate MSP effectiveness and provide recommendations on vendor strategy, improvements, or changes

Serve as the primary internal escalation point and relationship owner for the MSP

Process Development & Operational Maturity

Assess current-state IT and compliance processes, identifying gaps, risks, and opportunities for standardization

Build and implement a process maturity roadmap focused on compliance readiness and scalability

Develop, document, and maintain SOPs for key IT and compliance functions, including device management, access control, and change management

Implement and enforce a structured IT change management process

Continuously refine processes based on audit findings, incidents, and organizational growth needs

Cybersecurity & Incident Response

Implement and manage the company’s cybersecurity program, including threat monitoring, vulnerability management, and endpoint protection

Develop, test, and maintain Incident Response (IR) and Business Continuity/Disaster Recovery (BC/DR) plans

Lead security awareness training and phishing simulation programs

Oversee identity and access management, including MFA and least-privilege principles

Business Operations & Technology Integration

Partner with operations, program management, and finance to ensure IT and compliance capabilities support contract delivery

Support business development efforts by contributing to proposals, compliance narratives, and participating in client discussions related to cybersecurity posture

Provide input to leadership on IT and security budgeting, forecasting, and vendor management

Identify and implement technology solutions that improve internal operations and scalability

Oversee onboarding and off-boarding processes to ensure secure and efficient user lifecycle management

Work Schedule:

Full time, 40 hours per week

Some travel required to attend relevant events and conferences, and participate in LINK team events

Salary: We're committed to offering competitive compensation. While the salary range for this position is $105,000-$130,000, your final offer may be adjusted based on factors like experience and location.

Benefits:

$100 monthly internet/cell phone stipend

LINK sponsored healthcare benefits including medical, dental, vision

Company-paid Short Term Disability Insurance

401K with employer contribution of up to 4%

11 Federal Holidays per year 

15 days of Paid Time Off (PTO) per year 

Paid Holiday Time Off (Christmas Eve through the New Year) 

Annual bonus plan participation

Annual profit sharing participation

$2,000 Learning and Development program reimbursement

Technology package that includes a LINK-owned MacBook Pro, monitor, mouse and keyboard

EOE