Cybersecurity & Compliance Analyst

About The Position

Requirements

• Broad understanding of systems and security engineering principles, including the ability to build and troubleshoot systems (e.g., servers, Active Directory).
• Understanding of network fundamentals, cloud technologies (IaaS, PaaS, SaaS), and cybersecurity.
• Experience within the Defense Industrial Base (DIB), with expertise in assessing compliance for DIB contractors.
• Direct, hands-on experience with NIST 800-171, CMMC, DFARS 252.204-7012.
• Must have led compliance assessments and demonstrated independent leadership of audits or regulatory.
• CMMC Certified Assessor, CISSP, CISM, or other relevant cybersecurity certifications.

Nice To Haves

• Passion for working in a challenging, fast-paced environment.
• Excellent verbal and written communication skills.
• Ability to convey complex compliance requirements clearly to both technical and non-technical stakeholders.
• Comfortable working independently, pivoting when necessary, and raising your hand when additional resources are needed.
• Strong follow-through and reliability in meeting deadlines.

Responsibilities

• Own and lead all compliance efforts for assigned clients, acting as the primary advisor on cybersecurity compliance and regulatory alignment.
• Maintain proactive communication with clients on compliance status, assessment results, and remediation.
• Deliver regular updates through executive briefings, business reviews, and detailed reporting.
• Lead and execute compliance assessments (e.g., DFARS, NIST 800-171, and CMMC Maturity Level 2).
• Perform annual assessments and ensure evidence-based control.
• Lead the implementation and continuous monitoring of compliance frameworks (e.g., NIST SP 800-171, CMMC).
• Develop and manage System Security Plans (SSPs) and Plans of Action & Milestones (POA&M) for clients.
• Guide clients through internal and external audits, ensuring all necessary evidence, documentation, and artifacts are in place for successful certification.
• Collaborate with clients to develop, update, and maintain compliance documentation, including policies, procedures, SSPs, POA&Ms, and other governance materials.
• Ensure compliance policies and procedures aligned with NIST 800-171, CMMC, and DFARS.
• Develop and maintain incident response plans.
• Conduct tabletop exercises with clients to test incident response readiness and improve incident management capabilities.
• Perform regular risk assessments to identify compliance gaps and develop mitigation strategies.
• Deliver or facilitate client training programs, including basic security awareness, privileged user training, and handling of Controlled Unclassified Information (CUI).