Principal Analyst- IT Cyber Security (CMMC)

About The Position

Requirements

• 10+ years of cybersecurity, GRC, or compliance experience
• 5+ years working directly with compliance frameworks (NIST SP 800-171) and DoD compliance programs
• Hands-on experience applying CMMC and NIST frameworks to assess, implement, and govern cybersecurity controls across complex environments.
• Experience authoring, reviewing, and governing enterprise-level compliance documentation, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other various support documentation
• Comprehensive knowledge of the CMMC framework and NIST SP 800-171, including assessment methodology and security control implementation
• Experience leading enterprise-level cybersecurity assessments or compliance programs
• Strong risk analysis, documentation, and executive communication skills

Nice To Haves

• Bachelors or Masters degree in Cybersecurity, Information Systems, Computer Science, or related field
• CISSP, CISM, CRISC, or similar advanced certification
• Demonstrated knowledge and experience with DoD regulations and information security frameworks (CMMC, NIST, DFARS)
• Ability to interpret complex regulatory and compliance requirements and exercise professional judgment in validating control implementation and supporting evidence
• Ability to clearly convey complex technical and compliance concepts to both technical and non-technical audiences.

Responsibilities

• Support and help guide activities related to CMMC compliance and overall certification strategy
• Assist in the management, implementation, and validation of security controls in compliance with CMMC, NIST SP 800-171, and/or DFARS requirements
• Provide expert guidance and authoritative input on CMMC, NIST SP 800-171, DFARS, and related DoD cybersecurity requirements
• Oversee the development and maintenance of System Security Plans (SSPs), POA&Ms, policies, procedures, and security control documentation
• Conduct and oversee CMMC readiness assessments, gap analysis, and internal/external audits
• Coordinate with internal stakeholders to remediate identified gaps
• Partner with IT, Cybersecurity, Legal, and Engineering teams to ensure compliance across systems handling CUI
• Advise leadership on risk posture, compliance status, and remediation priorities
• Support customer and government inquiries related to cybersecurity compliance
• Serve as the primary liaison with external auditors, consultants, and CMMC Third-Party Assessment Organizations (C3PAOs)
• Provide technical leadership and mentorship across the enterprise
• Develop internal training and guidance on CUI handling and CMMC requirements
• Promote a culture of security awareness aligned with Microchip’s guiding values

Benefits

• We offer a total compensation package that ranks among the best in the industry. It consists of competitive base pay, restricted stock units, and quarterly bonus payments. In addition to these components, our package includes health benefits that begin day one, retirement savings plans, and an industry leading ESPP program with a 2 year look back feature.
• Benefits of working at Microchip