Senior Microsoft Technical Lead

Work with a nationally ranked CPA and advisory firm that is passionate for what's next. Aprio has 30 U.S. office locations, one in the Philippines and more than 2,100 team members that speak 60+ languages across the globe. By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio. Join Aprio's  Risk Advisory and Assurance Services team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Senior Manager to join their dynamic team.   Ready to do more with your Microsoft security expertise? Join SecurityBricks, powered by Aprio, and help organizations across industries navigate complex cybersecurity and compliance landscapes with confidence.   At SecurityBricks, we’re not just checking boxes—we’re securing the future. As a Senior Microsoft Security Engineer, you’ll work with cutting-edge Microsoft tools, support high-impact compliance frameworks like FedRAMP and CMMC, and help shape the security posture of both public and private sector organizations. We are seeking an experienced Senior Manager of Security and Compliance to lead our CMMC consulting practice serving small to enterprise organizations across the Defense Industrial Base. This senior leadership role will guide clients through their CMMC Level 2 certification journey, architecting tailored security programs that leverage Microsoft's enterprise security ecosystem while ensuring practical, cost-effective compliance for organizations of varying sizes and maturity levels. Key Responsibilities: CMMC Consulting Practice Leadership

Lead CMMC Level 2 consulting engagements from initial assessment through certification readiness

Conduct gap assessments against NIST SP 800-171 and CMMC Level 2 requirements for diverse client environments

Develop customized remediation roadmaps scaled to client size, budget, and technical capabilities

Prepare organizations for C3PAO assessments and provide certification readiness reviews

Support multiple concurrent client engagements across various industries and organizational sizes

Microsoft Security Solutions Architect

Design right-sized Microsoft security solutions appropriate for small business through enterprise clients

Architect scalable implementations of Microsoft 365 (Business Premium to E5/G5), Azure, and Defender suite based on client maturity and budget

Implement Microsoft Purview, Azure Information Protection, and DLP solutions tailored to CUI protection requirements

Deploy Microsoft Sentinel or cost-effective alternatives for security monitoring across client environments

Guide clients on Azure Government vs. commercial cloud decisions based on CMMC requirements

Create reusable frameworks and templates that accelerate client implementations

Client Advisory & Strategic Guidance

Serve as trusted advisor to C-suite and senior leadership on CMMC strategy and investment priorities

Translate complex CMMC requirements into actionable business recommendations

Provide guidance on scope definition, boundary establishment, and enclave strategies

Advise on contractor teaming arrangements and CMMC compliance flow-down requirements

Present security program maturity assessments and executive-level progress reporting

Support proposal development and contract reviews for CMMC-related security requirements

Team Leadership & Practice Development

Build and mentor a team of 4-6 security consultants with diverse skill sets and experience levels

Develop standardized methodologies, playbooks, and accelerators for CMMC consulting engagements

Establish quality assurance processes and peer review mechanisms for client deliverables

Create training programs to elevate team capabilities in CMMC and Microsoft security technologies

Foster culture of client success, technical excellence, and continuous learning

Manage resource allocation and workload distribution across concurrent client engagements

Practice Growth & Thought Leadership

Identify opportunities to expand consulting services and develop new offerings

Contribute to business development activities and proposal responses

Represent the practice at client events

Develop thought leadership content on CMMC implementation best practices

Build relationships with Microsoft partners, C3PAOs, and industry organizations

Stay current on CMMC program updates and DoD cybersecurity requirements

Required Qualifications

Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred)

10+ years of progressive experience in information security and compliance, with significant consulting experience

5+ years leading teams and managing multiple concurrent projects or client engagements

Proven track record successfully guiding organizations through CMMC/NIST SP 800-171 implementations

Deep expertise working with small businesses through enterprise organizations on compliance initiatives

Extensive hands-on experience implementing Microsoft security solutions across varied environments

Strong understanding of Defense Industrial Base, CUI handling requirements, and DFARS compliance

Experience translating technical requirements into business terms for non-technical stakeholders

Technical Competencies

CMMC Level 2 and NIST SP 800-171 control implementation across diverse environments

Microsoft 365 security architecture (Business Premium through E5/G5 licensing)

Azure and Azure Government cloud security configurations

Microsoft Defender suite deployment and optimization

Microsoft Purview, Azure Information Protection, and data classification strategies

Microsoft Sentinel and cost-effective SIEM alternatives

Identity and Access Management solutions (Azure AD, Conditional Access)

Network segmentation and boundary protection strategies

Security documentation and technical writing

Preferred Certifications

CISSP, CISM, or equivalent security leadership certification

Microsoft security certifications (SC-200, SC-300, SC-400, AZ-500)

NIST SP 800-171 assessment experience or DIBCAC certification

Additional relevant certifications (Security+, CISA, GCIH, GIAC)

Key Competencies

Client Relationship Management: Build trust and credibility with stakeholders at all organizational levels

Adaptive Communication: Translate technical concepts for audiences from small business owners to enterprise CISOs

Scalable Solutions Design: Right-size security programs based on organizational maturity, resources, and risk tolerance

Business Acumen: Balance security requirements with operational realities and budget constraints

Project Leadership: Manage complex, multi-phase engagements with competing priorities and timelines

Mentorship: Develop junior consultants and elevate overall team capabilities

Problem-Solving: Navigate unique challenges across diverse client environments and technical landscapes

Travel Requirements

Approximately once per month for client site visits, assessment activities, team meetings, or industry conferences. Travel frequency may increase during initial client onboarding phases or certification preparation periods. Expectation is 10-15% travel annually.

Ideal Client Engagement Experience

Small businesses (50-500 employees) new to CMMC requirements

Mid-market companies establishing CUI handling environments

Enterprise defense contractors optimizing existing compliance programs

Organizations transitioning from NIST SP 800-171 self-assessment to CMMC Level 2 certification

Companies implementing Microsoft cloud solutions for government contracting

Defense Industrial Base supply chain participants navigating flow-down requirements