Cybersecurity & Compliance Specialist Level 2

About The Position

Requirements

• Primary focus on continuous compliance with CMMC Level 2 requirements.
• Implement and maintain the 110 security controls based on NIST 800-171.
• Maintain all required compliance documentation, including System Security Plan (SSP), Policies & Procedures, and POA&M (Plan of Action & Milestones).
• Ensure continuous compliance readiness.
• Lead internal and external audits.
• Serve as the primary point of contact for auditors and cybersecurity consultants.
• Develop and implement security policies related to access control, Controlled Unclassified Information (CUI), and endpoint protection.
• Monitor threats, vulnerabilities, and incidents.
• Implement and maintain Multi-Factor Authentication (MFA), Conditional Access Policies, and Data Loss Prevention (DLP).
• Manage incident response activities, including detection, containment, and documentation.
• Advanced administration of Microsoft Entra ID (Azure AD), Intune, Microsoft Defender, and Security & Compliance Center.
• Manage identities, roles, and permissions within the Microsoft 365 environment.
• Monitor and respond to security alerts.
• Harden the Microsoft 365 environment according to CMMC requirements.
• Document all cybersecurity processes and controls.
• Maintain organized audit evidence and records.
• Update policies and procedures based on regulatory changes.
• Ensure traceability of actions, decisions, and remediation efforts.
• Define cybersecurity requirements for technical implementations.
• Validate that IT configurations comply with CMMC standards.
• Conduct employee cybersecurity awareness training.
• Lead phishing awareness and data handling initiatives.
• Promote a strong cybersecurity culture across the organization.

Nice To Haves

• This position will support but will not be responsible for: Daily help desk support, General IT troubleshooting.

Responsibilities

• Implement and maintain the 110 security controls based on NIST 800-171.
• Maintain all required compliance documentation, including System Security Plan (SSP), Policies & Procedures, and POA&M (Plan of Action & Milestones).
• Ensure continuous compliance readiness.
• Lead internal and external audits.
• Serve as the primary point of contact for auditors and cybersecurity consultants.
• Develop and implement security policies related to access control, Controlled Unclassified Information (CUI), and endpoint protection.
• Monitor threats, vulnerabilities, and incidents.
• Implement and maintain Multi-Factor Authentication (MFA), Conditional Access Policies, and Data Loss Prevention (DLP).
• Manage incident response activities, including detection, containment, and documentation.
• Perform advanced administration of Microsoft Entra ID (Azure AD), Intune, Microsoft Defender, and Security & Compliance Center.
• Manage identities, roles, and permissions within the Microsoft 365 environment.
• Monitor and respond to security alerts.
• Harden the Microsoft 365 environment according to CMMC requirements.
• Document all cybersecurity processes and controls.
• Maintain organized audit evidence and records.
• Update policies and procedures based on regulatory changes.
• Ensure traceability of actions, decisions, and remediation efforts.
• Define cybersecurity requirements for technical implementations.
• Validate that IT configurations comply with CMMC standards.
• Conduct employee cybersecurity awareness training.
• Lead phishing awareness and data handling initiatives.
• Promote a strong cybersecurity culture across the organization.