Job Summary

The Compliance Manager oversees United Rotorcraft’s (UR) defense and regulatory compliance initiatives, ensuring adherence to federal standards such as CMMC, DFARS, NIST 800-171, ITAR, and EAR. This role is responsible for safeguarding Controlled Unclassified Information (CUI), managing defense contract obligations, and maintaining export control compliance. The Compliance Manager will foster a culture of accountability and compliance throughout the organization and collaborates with Technology, Operations, Facilities, and Corporate teams to ensure UR remains audit-ready, continuously monitored, and aligned with Department of Defense and other regulatory requirements.

Essential Functions and Responsibilities include the following:

• Lead UR’s compliance strategy and program development (CMMC, DFARS, NIST 800-171, ITAR/EAR, CUI handling), including policies, procedures, and controls
• Manage audit readiness and external assessments, ensuring documentation, evidence, and control implementation meet regulatory requirements
• Ensure supplier and subcontractor compliance by supporting the flow down of contractual, cybersecurity, and export control requirements in coordination with the Contract Admin & CX Services Manager
• Partner with Technology, Operations, Facilities, and other functions to ensure security, access, and incident reporting controls are effectively implemented
• Monitor regulatory updates (DoD, NARA, BIS, DDTC) and adjust UR compliance programs accordingly
• Lead incident reporting and response coordination, ensuring DFARS 252.204-7012 and ITAR/EAR requirements are met
• Develop and deliver compliance training and awareness programs for employees and contractors handling CUI or export-controlled data
• Maintain compliance metrics and risk tracking, reporting status and findings to UR leadership
• Serve as primary liaison with regulatory agencies, including DCAA, DCMA, BIS, and DDTC, and coordinate responses to audits and inquiries
• Continuously evaluate and enhance compliance programs, incorporating industry best practices and benchspaning against peers
• Oversee third-party risk management, including compliance due diligence and monitoring of vendors and subcontractors
• Ensure data privacy and protection compliance, collaborating with IT and legal teams to safeguard sensitive information
• Promote ethics and integrity across the organization, investigating and resolving compliance-related concerns
• Lead policy governance, including development, review, and lifecycle management of compliance-related policies
• Advise senior leadership on strategic compliance risks, mitigation plans, and integration with business objectives
• Coordinate crisis and incident response efforts, including breach investigations and remediation planning
• Champion a proactive compliance culture, using communication, engagement, and feedback mechanisms
• Evaluate and implement compliance technologies, including automation tools for monitoring and reporting
• Other duties as assigned

Additional Job Requirements

• Regular scheduled attendance
• Indicate the percentage of time spent traveling: 10%

Subject to applicable laws and Air Method’s policies, regular attendance is an essential function of the position. All employees must follow Air Methods’ employment practices and policies.

Supervisory Responsibilities

This position may supervise over teammates in the department. Carries out supervisory responsibilities in accordance with the organization’s policies and applicable laws. Responsibilities include interviewing, selecting, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; and addressing complaints and resolving problems. For exempt managers: managers that carry out these responsibilities for two or more employees will have significant input in hiring and termination decisions.

Qualifications

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. In accordance with applicable laws, Air Methods will provide reasonable accommodations that do not create an undue burden so disabled employees may perform the essential functions of the position.

Education & Experience

• Bachelor’s degree (BS/BA) in a Cybersecurity, Information Systems, Business, or related field from a four-year college or university; and seven (7) or more years related experience and/or training; or equivalent combination of education and experience
• Master’s degree preferred
• 7+ years of experience in compliance, information security, or defense contracting
• Experience with DFARS, CMMC, ITAR, EAR, and related frameworks
• Familiarity with NIST standards (SP 800-171, SP 800-53) and incident reporting under DFARS
• Background in aerospace/defense or regulated industries strongly preferred

Skills

• Defense & Export Compliance Expertise: Strong understanding of CMMC, DFARS, NIST 800-171, ITAR, and EAR requirements
• Supplier Compliance & Risk Management: Ability to ensure compliance flow downs to suppliers/subcontractors, monitor adherence, and manage supply chain risk in alignment with DoD regulations
• Audit & Assessment Readiness: Experience preparing organizations for DoD audits, CMMC assessments, and government security reviews
• Incident Management: Ability to coordinate DFARS-compliant incident reporting, including DoD/DC3 submissions
• Policy & Program Development: Skilled in creating compliance policies, security procedures, and evidence repositories
• Risk & Continuous Monitoring: Proficient in compliance risk management, monitoring controls, and implementing remediation plans
• Cross-Functional Collaboration: Ability to partner with Contract Administration and key business functions to align compliance programs with contractual, customer, and organizational requirements
• Training & Communication: Strong skills in educating non-technical staff and building compliance culture
• Strategic Leadership: Able to translate regulatory requirements into practical business processes and long-term compliance roadmaps

Computer Skills

• Proficient with Microsoft Office Suite, including PowerPoint, Visio, Word, Excel, Project, and SharePoint

Certificates, Licenses, Registrations

• Relevant certifications in compliance and security (e.g., CMMC Professional/Assessor, CISSP, CISM, CISA, CCSK, ITAR/EAR export control training) preferred

Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position.

Air Methods is an EEO/AA employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.