Senior Compliance Analyst

About The Position

Requirements

• Broad understanding of systems and security engineering principles, including:
• Ability to build and troubleshoot systems (e.g., servers, Active Directory).
• Understanding of network fundamentals, cloud technologies (IaaS, PaaS, SaaS), and cybersecurity
• Experience within the Defense Industrial Base (DIB), with expertise in assessing compliance for DIB contractors.
• Direct, hands-on experience with NIST 800-171, CMMC, DFARS 252.204-7012. Must have led compliance assessments and demonstrated independent leadership of audits or regulatory
• CMMC Certified Assessor, CISSP, CISM, or other relevant cybersecurity certifications
• Passion for working in a challenging, fast-paced A "whatever it takes" attitude and a commitment to continuous learning and improvement.
• Excellent verbal and written communication skills. Ability to convey complex compliance requirements clearly to both technical and non-technical stakeholders.
• Comfortable working independently, pivoting when necessary, and raising your hand when additional resources are needed. Strong follow-through and reliability in meeting deadlines.

Responsibilities

• Own and lead all compliance efforts for assigned clients, acting as the primary advisor on cybersecurity compliance and regulatory alignment.
• Maintain proactive communication with clients on compliance status, assessment results, and remediation Deliver regular updates through executive briefings, business reviews, and detailed reporting.
• Lead and execute compliance assessments (e.g., DFARS, NIST 800-171, and CMMC Maturity Level 2). Perform annual assessments and ensure evidence-based control
• Lead the implementation and continuous monitoring of compliance frameworks (e.g., NIST SP 800-171, CMMC). Develop and manage System Security Plans (SSPs) and Plans of Action & Milestones (POA&M) for clients.
• Guide clients through internal and external audits, ensuring all necessary evidence, documentation, and artifacts are in place for successful certification.
• Collaborate with clients to develop, update, and maintain compliance documentation, including policies, procedures, SSPs, POA&Ms, and other governance materials.
• Ensure compliance policies and procedures aligned with NIST 800-171, CMMC, and DFARS. Provide expertise in drafting and maintaining control documentation.
• Develop and maintain incident response plans. Conduct tabletop exercises with clients to test incident response readiness and improve incident management capabilities.
• Perform regular risk assessments to identify compliance gaps and develop mitigation strategies. Maintain risk registers and ensure continuous improvement of compliance postures.
• Deliver or facilitate client training programs, including basic security awareness, privileged user training, and handling of Controlled Unclassified Information (CUI).