CUI & CMMC Specialist

Ursa Major | Berthoud, CO
30d | $80,000 - $110,000

About The Position

We’re seeking a Controlled Unclassified Information (CUI) Specialist to join our team in Berthoud, CO. This position is responsible for ensuring compliance with federal CUI regulations, maintaining Ursa Major’s CUI program, and driving awareness and accountability across the organization. The ideal candidate will have a strong understanding of information security, experience implementing compliance frameworks, and a collaborative mindset.

Requirements

  • Bachelor’s degree in Information Security, Cybersecurity, Business Administration, or a related field (or equivalent experience).
  • 3-6 years of experience in information security, compliance, or data management roles, preferably in a defense or aerospace environment.
  • Working knowledge of CUI requirements, NIST SP 800-171, and DFARS clauses.
  • Experience developing and implementing security or compliance policies.
  • Strong communication, training, and cross-functional collaboration skills.
  • Ability to analyze complex data handling processes and recommend improvements.

Nice To Haves

  • Experience working in a DoD, defense contractor, or ITAR-compliant environment.
  • Familiarity with cybersecurity frameworks such as CMMC, ISO 27001, or NIST SP 800-53.
  • Prior experience conducting internal audits or compliance assessments.
  • Active security clearance or eligibility to obtain one.

Responsibilities

  • CUI Identification and Classification: Identify and classify sensitive information in accordance with organizational policies and federal regulations.
  • Apply proper CUI markings, labels, and metadata to documents and electronic files.
  • Compliance and Regulatory Adherence: Ensure organizational compliance with all relevant laws, regulations, and directives governing CUI (e.g. NIST SP 800-171, DFARS 252.204-7012).
  • Maintain up-to-date knowledge of evolving CUI policies, guidance, and best practices.
  • Policy Development and Implementation: Develop, maintain, and update CUI-related policies, standard operating procedures (SOPs), and documentation.
  • Collaborate across departments to ensure consistent application of CUI requirements.
  • Training and Awareness: Conduct training and awareness sessions for Ursa Major employees on proper CUI handling, marking, and storage.
  • Create and distribute educational materials to reinforce compliance and security culture.
  • Monitoring and Auditing: Monitor CUI handling practices and conduct periodic audits to ensure compliance.
  • Investigate and document potential CUI incidents or breaches; recommend and track corrective actions.
  • Collaboration: Partner with IT, Cybersecurity, Legal, and Compliance teams to ensure cohesive management of CUI across systems and processes.
  • Serve as a subject matter expert and point of contact for CUI-related inquiries.
  • Risk Management: Identify risks associated with CUI management and propose mitigation strategies.
  • Work with security and infrastructure teams to ensure CUI protection against unauthorized access or disclosure.
  • Cross-Functional and Strategic Initiatives: Lead or support cross-functional projects to enhance CUI management and information architecture.
  • Contribute to strategic planning and continuous improvement initiatives focused on data protection and compliance maturity.