CMMC Compliance Analyst L2
About The Position
Our partner is a leading technology solutions provider dedicated to supporting critical government initiatives. We are currently augmenting the Governance, Risk, and Compliance (GRC) team of a key client, to facilitate their achievement of Cybersecurity Maturity Model Certification (CMMC) Level 2. This high-impact project involves assisting Project Management Entities (PMEs) in developing and completing their System Security Plans (SSPs) and ensuring robust cybersecurity posture. We are seeking highly motivated and detail-oriented CMMC Level 2 Compliance Analysts to join our team. In this role, you will play a crucial part in guiding our partner PMEs through the complex CMMC Level 2 certification process. You will leverage your expertise in cybersecurity and compliance frameworks to review documentation, identify gaps, and provide essential guidance to ensure adherence to NIST SP 800-171 controls and CMMC requirements. This is a critical project with a significant impact on national security.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience.
- Proven experience in cybersecurity, GRC, or IT compliance roles.
- Strong understanding of cybersecurity frameworks, particularly NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC) program, especially Level 2 requirements.
- Experience with System Security Plans (SSPs) and their role in demonstrating compliance.
- Ability to interpret and apply complex security controls and regulatory requirements.
- Excellent analytical, problem-solving, and communication skills, with the ability to explain technical concepts to individuals with varying levels of cybersecurity expertise.
- Detail-oriented with strong organizational skills and the ability to manage multiple tasks in a fast-paced environment.
- U.S. Citizenship is required.
Nice To Haves
- Relevant certifications such as CMMC Certified Professional (CCP), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA).
- Experience working with government contractors or within the Defense Industrial Base (DIB).
- Familiarity with GRC software platforms.
- Prior experience in a client-facing or resource augmentation role.
Responsibilities
- Assist PMEs in the development and completion of their System Security Plans (SSPs).
- Review PME-submitted evidence and documentation, including asset classification and boundary diagrams, to identify compliance gaps against CMMC Level 2 and NIST SP 800-171 controls.
- Provide clear, actionable feedback and guidance to PMEs on interpreting complex cybersecurity controls and improving the quality and accuracy of their compliance documentation.
- Collaborate with Cyber and GRC teams to streamline the SSP review process and address data accuracy issues.
- Support PMEs in understanding and implementing the inheritance model for applicable controls.
- Contribute to the establishment and maintenance of a monitoring and reporting framework for PME progress.
- Potentially assist in developing targeted training or guidance materials to enhance PME cybersecurity expertise.
- Maintain meticulous records of reviews, feedback, and PME progress.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
