Senior Cybersecurity Compliance Analyst

ASRC Federal•Remote, OR

1d•Hybrid

About The Position

ASRC Federal is seeking a detail-oriented and motivated Senior Cybersecurity Compliance Analyst to join their team in a government contracting (GovCon) environment. This is a full-time remote position with occasional on-site support required in Beltsville, MD or Reston, VA. The Senior Cybersecurity Compliance Analyst will lead, manage, and execute compliance activities aligned with CMMC Level 2, NIST SP 800-171, NIST SP 800-161, and NIST SP 800-53. This role will support enterprise cybersecurity, audit readiness, risk assessments, POA&M management, continuous monitoring, and the implementation of required security controls across systems, vendors, and business units. The ideal candidate will possess deep expertise in federal cybersecurity frameworks, strong analytical skills, and the ability to collaborate effectively with both technical and non-technical stakeholders to ensure robust compliance.

Requirements

Bachelor’s degree in cybersecurity, information systems, or related field (or equivalent experience).
7+ years of relevant cybersecurity compliance or risk management experience.
5+ years of experience with a Master's degree in Cybersecurity.
Hands-on experience implementing: CMMC Level 2 controls, NIST SP 800-171, NIST SP 800-161, NIST SP 800-53.
Strong understanding of Risk Management Framework (RMF).
Experience preparing SSPs, POA&Ms, security documentation, and audit evidence.
Ability to work with cross-functional teams and communicate complex requirements clearly.
U.S. citizenship required; ability to obtain and maintain a security clearance may be required depending on contract.

Nice To Haves

Industry certifications (one or more): CISSP, CISM, CRISC, CAP, CCAK, or CMMC Certified Professional/Assessor.
Experience supporting DoD, federal agencies, or defense contractors.
Familiarity with FedRAMP, DFARS, SCF, or ISO 27001 frameworks.
Experience with continuous monitoring technologies and GRC tools (e.g., Archer, ServiceNow, eMASS).

Responsibilities

Lead the organization’s readiness efforts toward achieving and maintaining CMMC Level 2 certification, including performing gap assessments, evidence collection, control validation, and SSP/POA&M development.
Coordinate with internal engineering teams and external assessors during CMMC audits.
Oversee compliance with DFARS 252.204-7012 and NIST 800-171 requirements for protecting Controlled Unclassified Information (CUI).
Maintain and update System Security Plans (SSPs) and associated security documentation.
Manage risk assessments, incident response requirements, and continuous monitoring activities related to NIST SP 800-171.
Implement and monitor Cybersecurity Supply Chain Risk Management (C-SCRM) requirements per NIST SP 800-161.
Assess vendor cybersecurity posture, conduct supplier assessments, and support acquisition security requirements.
Develop processes to track, evaluate, and mitigate supply chain-related risks.
Support enterprise-level compliance with NIST 800-53 security and privacy controls.
Assist in Risk Management Framework (RMF) activities including categorization, control selection, control assessments, and continuous monitoring.
Work with system owners to remediate findings and ensure controls are implemented effectively.
Collaborate with engineering, IT, procurement, legal, and executive teams to ensure compliance alignment across the organization.
Prepare compliance reports, dashboards, and metrics for leadership.
Lead internal audits and coordinate external audits.
Serve as a subject matter expert on cybersecurity compliance frameworks and best practices.
Improve and mature enterprise cybersecurity governance processes, policies, and procedures.