Cybersecurity Compliance Analyst

About The Position

Requirements

• 3–5 years of experience in cybersecurity governance, risk, and compliance (GRC)
• Experience with one or more of the following frameworks or programs: CMMC / NIST SP 800-171, NIST SP 800-53, ISO/IEC 27001: 2022, FedRAMP, SOC 2, CMMI
• Experience working with or within 3PAOs or accredited assessment bodies
• Familiarity with federal frameworks such as: FedRAMP
• DFARS 252.204-7012
• Experience assessing complex environments (cloud, hybrid, MSPs, enclaves)
• Strong judgment and decision-making authority
• Deep expertise in control evaluation and evidence validation
• Ability to assess ambiguous or partially implemented controls
• Executive-level communication and stakeholder engagement
• Ability to work effectively with personnel at all organizational levels, including leadership and external clients
• Strong organizational and documentation skills with attention to detail
• Proficiency with Microsoft Office applications, including Word, Excel, PowerPoint, and SharePoint
• High ethical standards and professional integrity
• Must avoid conflicts of interest in accordance with applicable CMMC ecosystem expectations

Nice To Haves

• Cyber AB Registered Practitioner (RP)
• Cyber AB CMMC Certified Professional (CCP) or Cyber AB CMMC Certified Assessor (CCA)
• Familiarity with the generative and agentic AI
• CGRC or equivalent security or compliance certification

Responsibilities

• Supports DigiFlight’s Cybersecurity Maturity Model Certification (CMMC) Level 2 readiness, certification, and maintenance in support of DoD contract requirements.
• Leads or participates in internal CMMC control audits, gap assessments, and readiness assessments, compiles findings, observations, and recommendations and reports results to the Director of Cybersecurity Compliance.
• As a Cyber AB Registered Practitioner (RP), leads or supports delivery of CMMC services for external organizations, including gap assessments and readiness assessments, and provides documented remediation recommendations aligned with CMMC requirements.
• Assists internal stakeholders and external clients with compliance-related activities, including evidence collection, interviews, and clarification of control implementation expectations.
• Periodically reviews and audits compliance documentation, including policies, procedures, System Security Plans (SSPs), and supporting artifacts, to verify alignment with applicable regulatory and contractual requirements.
• Performs or participates in quality audits and appraisals; compiles findings and reports to the Quality Control Manager/Sr. Director during the audits.
• Maintains and updates cybersecurity and compliance documentation, including policies, procedures, and SSPs, to ensure accuracy and consistency with implemented controls and organizational practices.
• Prepares Configuration Control Board (CCB) agendas, facilitates CCB meetings, and documents decisions, approvals, and action items to support change and configuration management governance.
• Facilitates Vulnerability Management meetings, including review of vulnerability scan results, remediation activities, and risk acceptance decisions; tracks corrective actions and supports continual improvement efforts.
• Assists the Director of Cybersecurity Compliance and process action owners with corrective actions, remediation planning, and compliance improvement initiatives; compiles reports and recommendations and facilitates communication with appropriate personnel.
• Lead or support client readiness reviews and mock assessments.
• Evaluate organizational preparedness for CMMC certification.
• Provide guidance on certification boundary definition, control implementation expectations, and evidence sufficiency and documentation quality.
• Identify risks that may impact assessment outcomes.