Senior IT Compliance Analyst

onsemi, Scottsdale, AZ
1d

About The Position

Job Summary: In this global, hands-on role reporting to the Director, Assurance & Trust, you will lead our governmental IT compliance program across U.S. export controls and modern cybersecurity frameworks. The IT Compliance Lead will develop and manage onsemi’s enterprise-wide compliance strategy, ensuring adherence to federal standards such as CMMC, DFARS, NIST 800-171, ITAR, and EAR. This role is critical in protecting sensitive information, maintaining audit readiness, and driving compliance initiatives across the organization. You will own the compliance roadmap, drive audit readiness and external assessments, and serve as the primary IT liaison to internal compliance teams, regulators, and assessors, ensuring continuous monitoring and an audit-ready posture for all IT systems and processes. Success in this role requires close partnership with IT, Legal, Engineering, Sales, Operations, and Leadership, a bias for action, and meticulous attention to detail.

Requirements

  • 3 to 5 years of experience in compliance, information security, or defense contracting.
  • 3 to 5 years of experience in cybersecurity, with a focus on CMMC compliance or a similar framework (e.g., NIST 800-171, ISO 27001, ITAR, EAR).
  • 3 to 5 years of experience with U.S. export laws; practical application of NIST 800‑171 control families; building SSP/POA&M; enabling SPRS submissions and audit readiness.
  • Deep understanding of Controlled Unclassified Information (CUI) regulations, including NIST SP 800-171 and DFARS.
  • Familiarity with FAR, DFARS, ITAR, and EAR regulations and their application to CUI handling.
  • Familiarity with SSPs, POA&Ms, and CMMC compliance documentation.
  • Experience developing and overseeing CUI programs to ensure compliance with federal regulations.
  • Experience preparing organizations for DoD audits, CMMC assessments, and government security reviews.
  • Proficient in compliance risk management, monitoring controls, and implementing remediation plans.
  • Strong knowledge of risk management processes, security auditing, and incident response planning.
  • Employment at onsemi is contingent on providing verification of work authorization and verification of U.S. Person status (i.e., U.S. citizens, permanent residents, and other protected individuals under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)) or obtaining any necessary license for roles requiring access to hardware, software, services, or technical data controlled by U.S. export control laws and regulations.

Responsibilities

  • Develop and lead onsemi’s enterprise-wide compliance strategy and program, covering CMMC, DFARS, NIST 800-171, ITAR/EAR, and CUI handling, including policies, procedures, and controls.
  • Drive CMMC compliance initiatives, ensuring adherence to NIST SP 800-171 standards and serving as the primary liaison with external CMMC Third-Party Assessor Organizations (C3PAOs) and internal IT and Legal & Compliance teams.
  • Identify and assess compliance risks and gaps related to CUI and technical data; develop and implement mitigation strategies and Plans of Action and Milestones (POA&Ms).
  • Lead remediation efforts for POA&Ms during CMMC Level 2 gap assessments and prepare onsemi for achieving CMMC Level 2 certification by 2027.
  • Oversee ITAR and export compliance remediation for IT-related gaps, partnering with Legal and Compliance teams to ensure regulatory adherence.
  • Prepare, maintain, and manage all required documentation, including System Security Plans (SSPs), POA&Ms, security logs, and training records, ensuring audit readiness for government or third-party assessments.
  • Advise senior leadership on strategic IT compliance risks, mitigation plans, and integration with business objectives.
  • Manage audit readiness and external assessments, ensuring documentation, evidence, and control implementation meet regulatory requirements.
  • Monitor regulatory updates (DoD, DDTC, etc.) and recommend adjustments to IT compliance programs.
  • Conduct IT compliance gap assessments and collaborate with IT, Business, Facilities, Legal, and Compliance teams to ensure security, access, and incident reporting controls comply with CUI, ITAR, and EAR requirements.
  • Support incident reporting and response coordination, ensuring DFARS and ITAR/EAR IT requirements are met.
  • Develop, implement, and enforce cybersecurity policies, incident response plans, and SSPs to protect CUI.
  • Maintain compliance metrics and risk tracking, reporting status and findings to leadership.
  • Continuously evaluate and enhance compliance programs, incorporating industry best practices and benchmarking.
  • Lead policy governance, including development, review, and lifecycle management of compliance-related policies.
  • Develop and deliver compliance training and awareness programs for employees and contractors handling CUI or export-controlled data.
  • Provide end-user support and training on IT tools, cybersecurity awareness, and best practices.


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
