CMMC Analyst

Viasat, Inc.
Carlsbad, CA
5h
$113,000 - $178,000

About The Position

We are seeking an Information Security Analyst to help maintain a continuous state of compliance for the Cybersecurity Maturity Model Certification (CMMC) based on the NIST 800-171/172 set of controls. You will work within our greater security organization, partnering with the business to implement, assess, and audit security practices and technical configurations to meet compliance goals across the company. Your responsibilities include ensuring we are following applicable regulations and standards and ensuring proper security controls are operating effectively. You will also help develop performance metrics to measure our success. As technology changes, you will continuously tune the program for optimal effectiveness. You are a self-starter who can work independently, prioritize work based on the impact to the business, and manage multiple efforts simultaneously. You will possess a broad knowledge of modern technology and security best practices, superior analytical skills, attention to detail, and discipline to ensure consistency and accuracy. Excellent verbal and written communication skills are critical to build and maintain relationships with stakeholders.

Requirements

  • 5+ years of experience in the risk and compliance field, focusing on ensuring that the company complies with federal, state and industry regulations and standards.
  • 5+ years of experience working with NIST SP 800-53, NIST SP 800-171/172, or Risk Management Framework (RMF), including auditing and/or implementation of controls.
  • Certified CMMC Assessor (CCA) or the ability to obtain certification upon hire.
  • Ability to prepare disparate development teams for the rigors of IT framework controls.
  • Deep understanding of laws and regulations related to enterprise security and risk.
  • Broad knowledge of infrastructure, networking, security, and endpoint technologies.
  • Excellent administrative and organizational skills with attention to detail and a high degree of accuracy, together with the ability to lead several simultaneous projects under deadline pressure.
  • Exceptional interpersonal and communication skills, both oral and written; must be able to ask clear, concise questions involving complex technology to get requisite answers from business partners and colleagues.
  • Experience with a GRC tool to optimize risk, compliance, and audit functions.
  • Knowledge of security and compliance control implementation in both cloud and on-premises technologies.
  • U.S. Citizen Required.
  • Ability to attain a US Government Secret Clearance.
  • Ability to travel up to 10%.

Nice To Haves

  • BA or BS in a related field preferred.
  • Security and audit industry certifications including CISA, CIA, CISM, CISSP, SANS, CPA, etc.
  • Previous experience as, or interacting with, a third-party audit team auditing PCI DSS, ISO27001, and/or IT SOX.
  • Project Management experience.
  • Experience with negotiation and problem/conflict resolution.
  • Mature knowledge of information technology: applications, back-office integrations, operations, and key business processes is required.

Responsibilities

  • Communicate with internal customers across several product lines and technologies on compliance activities.
  • Support engineering and IT requests related to security and compliance impacting changes within the target environments.
  • Lead the resolution of identified information security and data risk issues.
  • Lead the CMMC activities as the second line of defense, providing advisory activities for Company systems.
  • Lead the maintenance of an asset inventory associated with the CMMC environment.
  • Proactively evaluate proposed changes to CMMC environments to ensure they are implemented or isolated appropriately to avoid or mitigate risks.
  • Assist in the development, maintenance and automation of security, risk, and compliance artifacts and documentation, including all exceptions and alternative controls implemented to address non-standard use cases.
  • Lead audit support efforts from both regular internal and external audit requests.
  • Interact with auditors to resolve findings.
  • Stay informed of industry changes, trends, and standards related to information security, including regular involvement in United States Government working groups including Defense Industrial Base (DIB) and National Defense Information Sharing and Analysis Center (ND-ISAC).
  • Perform formal and informal risk assessments.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 5,001-10,000 employees
