Yomali

Yomali conglomerate is a group of companies helping businesses Sell More Online.

Compliance Operations Analyst

Compliance | Full Time | Remote | Junior | Team 51-200 | Since 2003 | H1B No Sponsor

Location

United States

Posted

5 days ago

Salary

0

Seniority

Junior

High School | 1 yr exp | English

Job Description

  • Vendor & Product Compliance Reviews
  • Review vendor products, ingredients, labels, and descriptions
  • Identify potential compliance concerns or prohibited claims
  • Escalate risks and coordinate with internal leadership and external compliance advisors
  • Conduct weekly reviews of existing vendors and products
  • Monitor for compliance changes or potential risk exposure
  • Maintain organized tracking and documentation within internal systems
  • Review merchant funnels including upsells, cross-sells, bundles, and promotional offers
  • Identify potentially non-compliant messaging and partner with teams to resolve issues while supporting business growth
  • Communicate compliance concerns clearly and professionally
  • Participate in daily compliance review calls with internal stakeholders

Job Requirements

  • Minimum 1 year of experience in a compliance-related role
  • Strong attention to detail and organizational skills
  • Comfortable following structured processes consistently
  • Excellent written and verbal communication skills
  • Ability to work EST hours
  • Ability to stay calm and accurate in a fast-paced, high-volume environment

Benefits

  • Fully remote opportunity
  • Stable long-term role
  • High-trust
  • Clear processes and established workflows
  • Opportunity to work closely with experienced leadership
  • Growing business with increasing operational scale

More Compliance Jobs

Role Description

We are seeking an experienced Director of Contracts to lead and scale our Contracts function at a $50–$100 million defense technology company performing exclusively Department of Defense (DoD) prime and subcontract work. This is a hands-on leadership role for a strategic, detail-oriented professional who can own the full contract lifecycle, from proposal through closeout, while providing sound legal, regulatory, and compliance guidance to executive leadership. The Director will manage one Contracts Administrator and will be responsible for building department processes and staffing as the company continues its double-digit revenue growth trajectory. The ideal candidate is equally comfortable negotiating a complex ID/IQ prime award, drafting a software license agreement, and advising on DCAA audit readiness.

Duties & Responsibilities

Contract Management & Negotiation

  • Manage the full lifecycle of DoD prime contracts and subcontracts, including FFP, T&M, and CPFF/CPAF contract types.
  • Lead negotiation of large-value, single-source, and competitive awards including ID/IQ vehicles and task orders, inclusive of Performance-Based Payment structures.
  • Draft, review, and negotiate teaming agreements, NDAs, subcontracts, professional services agreements (PSAs), staffing/consulting agreements, software license agreements, OCI mitigation plans, reseller agreements, and facility leases.
  • Advise program managers and executive leadership on contract terms, risk allocation, and obligations throughout contract performance.
  • Manage contract modifications, REAs, and claims in coordination with program and finance teams.

Compliance & Regulatory

  • Ensure company-wide compliance with FAR, DFARS, and applicable agency supplements.
  • Maintain and administer the company’s ITAR/EAR/OFAC compliance program, including required registrations, licenses, and Technology Control Plans.
  • Manage DCAA audit interactions and DCMA oversight activities; serve as the primary point of contact for government contract administration personnel.
  • Advise on supply chain compliance requirements, including Buy American Act, Trade Agreements Act (TAA), and supplier cybersecurity requirements (e.g., CMMC, NIST 800-171).
  • Oversee Organizational Conflict of Interest (OCI) identification, disclosure, and mitigation.
  • Maintain and update company contract policies, procedures, and delegation of authority frameworks.

Software Licensing

  • Draft, negotiate, and manage software license agreements, SaaS agreements, and IP licensing arrangements with customers, partners, and vendors.
  • Advise on IP ownership, data rights, and technical data provisions under DoD contracts (DFARS 252.227 series).
  • Coordinate with engineering and product leadership on licensing compliance, open-source software policies, and government-purpose rights.

Subcontract & Supply Chain Management

  • Establish and maintain a compliant subcontracting program, including flow-down of applicable FAR/DFARS clauses, and supplier representations and certifications.
  • Negotiate and administer subcontracts with large prime contractors and lower-tier suppliers.
  • Conduct supplier due diligence and support small business subcontracting plan compliance where required.

Corporate & Cross-Functional Support

  • Support M&A due diligence efforts, including review of target company contract portfolios, representations, and compliance status.
  • Advise HR and executive leadership on employment law matters related to staffing, independent contractor/1099 classifications, and workforce compliance.
  • Partner with Finance on contract funding, milestone billing, cost reporting, and revenue recognition.
  • Advise on legal and regulatory developments affecting the business and proactively recommend policy updates.

Department Leadership

  • Directly supervise the Contracts Administrator; provide mentoring, workload management, and professional development.
  • Build scalable contracts department processes, templates, and tracking systems to support continued revenue growth.
  • Interface with outside legal counsel as needed for complex litigation, M&A, or specialized regulatory matters.

Qualifications

  • Bachelor’s degree required; J.D. or advanced degree in a related field strongly preferred.
  • 7+ years of progressive government contracts experience, with at least 3 years in a senior or leadership role within a DoD prime or subcontractor environment.
  • Deep, working knowledge of FAR, DFARS, and DoD contracting regulations.
  • Direct experience managing FFP, T&M, and cost-reimbursement (CPFF/CPAF) contract types.
  • Experience negotiating and drafting software license agreements and data rights provisions under government contracts.
  • Demonstrated experience with ITAR/EAR/OFAC export control compliance programs.
  • Familiarity with DCAA audit processes and DCMA contract administration.
  • Strong written and verbal communication skills, including the ability to present to executive leadership and government representatives.
  • Ability to manage multiple priorities and operate effectively as a senior individual contributor and team leader in a fast-paced, growth-stage environment.

Preferred Qualifications

  • J.D. with active bar membership, or National Contract Management Association (NCMA) CPCM/CFCM certification.
  • Experience supporting M&A due diligence in a government contracting context.
  • Familiarity with CMMC/NIST 800-171 cybersecurity requirements and their contractual implications.
  • Experience building a contracts function from the ground up or leading department transformation.
  • Active Secret or Top Secret security clearance.
  • Experience with ID/IQ vehicles, GWACs, and task order competition processes.

Benefits

  • Workplace flexibility.
  • Commitment to the health and well-being of you and your family.
  • Opportunities to work with a purpose.
  • Education assistance.
  • Unlimited paid time off.

United States
Full Time | Remote | Team 201-500 | Since 1996 | H1B No Sponsor

  • Maintain and continuously improve the System Security Plan (SSP), policies, procedures, and standards aligned to NIST 800-53 and SOC 2.
  • Own the Plan of Action and Milestones (POA&M) lifecycle: tracking, aging, remediation evidence, and monthly continuous monitoring deliverables.
  • Manage the control evidence catalog—what evidence exists, where it lives, when it was last refreshed, and what's coming up for renewal.
  • Coordinate with the U.S. security team and 3PAOs to support GovRAMP, FedRAMP, and state-level (TX-RAMP, ) authorization and continuous monitoring activities.
  • Run our third-party risk management program end-to-end: security questionnaires, due diligence, contract review, recurring reassessments.
  • Maintain the enterprise risk register, facilitate risk acceptance decisions, and translate technical risk into business language for executives.
  • Administer subcontractor flow-down obligations and PII safeguarding certifications across all relevant agreements.
  • Track contractual security obligations across state customer contracts and ensure we meet every commitment on schedule.
  • Maintain and version-control our policy library—written in plain English, not boilerplate.
  • Run our security awareness training program, phishing simulations, and Rules of Behavior administration.
  • Author tabletop exercise scenarios, facilitate exercises, and produce after-action reports with concrete remediation owners.
  • Partner with HR and IT on onboarding and offboarding security checklists, access reviews, and acceptable use enforcement.

Philippines

Governance, Risk, and Compliance Engineer

IonQ

Our mission: to build the world’s best quantum computers to solve the world’s most complex problems.

Compliance | 5 days ago
Full Time | Remote | Team 201-500 | Since 2015 | H1B Sponsor

  • Own end-to-end CMMC implementation and audit readiness, including scoping, control mapping, SSP and POA&M development, evidence collection, and remediation tracking.
  • Interpret and apply DFARS clause requirements, including DFARS 252.204-7012, 252.204-7019, and 252.204-7020, translating contractual obligations into operational controls and maintaining accurate SPRS submissions.
  • Conduct recurring internal audits of NIST 800-171 security controls on a defined cadence to validate continued compliance, and support preparation for C3PAO assessments including evidence packages and assessment logistics.
  • Assess CUI environments to meet CMMC boundary requirements, including network segmentation, access control, media protection, and FIPS-validated encryption, and evaluate cloud environments against CMMC scoping guidance.
  • Implement technical controls across NIST 800-171 practice families, including MFA, audit logging, configuration management, incident response, and vulnerability management.
  • Serve as a CMMC subject matter resource, contributing to compliance roadmaps, facilitating readiness workshops, and advising on DFARS flow-down requirements for subcontractors.
  • Collaborate with legal and contracts teams to review FAR/DFARS clauses in new and existing contracts, flagging CUI obligations and CMMC level requirements, and coordinate on ITAR and EAR obligations as they intersect with CUI handling.
  • Support the organization’s GRC platform for evidence management, POA&M tracking, and risk register maintenance, and contribute to compliance dashboards for leadership.

United States
$83.4K - $109.2K / year

Senior Governance, Risk, and Compliance Engineer

IonQ

Our mission: to build the world’s best quantum computers to solve the world’s most complex problems.

Compliance | 5 days ago
Full Time | Remote | Team 201-500 | Since 2015 | H1B Sponsor

  • Architect and own end-to-end CMMC implementation and audit readiness, including scoping strategy, control mapping, SSP and POA&M development, evidence collection, and remediation tracking across the organization.
  • Interpret and apply DFARS clause requirements, including DFARS 252.204-7012, 252.204-7019, and 252.204-7020, translating contractual obligations into operational controls and owning accurate SPRS submissions.
  • Lead recurring internal audits of NIST 800-171 security controls and drive end-to-end preparation for C3PAO assessments, including evidence packages, assessment logistics, and assessor coordination.
  • Architect CUI environments to meet CMMC boundary requirements, including network segmentation, access control, media protection, and FIPS-validated encryption; lead evaluation of cloud environments against CMMC scoping guidance.
  • Drive implementation of technical controls across NIST 800-171 practice families, including MFA, audit logging, configuration management, incident response, and vulnerability management, engaging directly with engineering teams.
  • Serve as the primary CMMC subject matter expert at IonQ, developing compliance roadmaps, facilitating readiness workshops, and providing authoritative guidance on DFARS flow-down requirements for subcontractors.
  • Partner with legal and contracts teams to review FAR/DFARS clauses in new and existing contracts, flagging CUI obligations and CMMC level requirements, and lead coordination with regulatory teams on ITAR and EAR obligations as they intersect with CUI handling.
  • Develop and operate a formal risk management program covering IT systems and infrastructure, maintain a risk register, and provide regular executive-level reporting on posture, open risks, and remediation progress.
  • Own and mature the organization’s GRC platform to support evidence management, POA&M tracking, and risk register maintenance, and build compliance dashboards for leadership visibility.

United States
$110.3K - $144.5K / year