Sr GRC Consultant I

CDW

About The Position

At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It’s why we’re coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we’re headed. We’re proud to share our story and Make Amazing Happen at CDW. As a Sr. Government Compliance Analyst, you will support CDW’s Global Information Security organization in maintaining continuous compliance with Cybersecurity Maturity Model Certification (CMMC), NIST 800‑171, and related government security requirements. You will perform detailed technical, documentation, and evidence‑gathering activities to support assessments, audits, and system onboarding. This includes developing remediation plans, validating control execution, documenting system architectures and connections, reviewing contractual security requirements, and ensuring accurate compliance records in the GRC platform. Your work directly contributes to audit readiness, risk reduction, and the overall effectiveness of CDW’s Security Risk Management program. CDW is a Fortune 500 technology solutions provider that helps businesses, government, education, and healthcare organizations achieve what’s possible through technology. What makes CDW different isn’t just what we do—it’s how we do it. At CDW we act as one—building trust, speaking candidly, and working together to achieve more. We play to win—focusing on what matters most and delivering for our customers. And we think forward—staying curious, moving fast, and continuously learning. We believe meaningful work happens when people feel supported, heard, and empowered to contribute. That’s why we think of ourselves as coworkers, not just employees—working together to solve complex challenges and deliver real impact for our customers and communities. As a full‑stack, full‑lifecycle technology partner, CDW brings deep expertise, strong relationships, and broad industry knowledge to help turn ideas into outcomes. When you join CDW, you become part of a collaborative environment where your work matters, your growth is supported, and your contributions help shape what’s next. Together, we deliver the full promise of what technology can do. Together, we Make Amazing Happen. CDW is a leading multi-brand technology solutions provider to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. Our coworkers across the globe are working together to bring technology to life for our customers by solving complicated IT business challenges, providing outstanding service, and orchestrating the technology landscape to optimize our customers’ performance.

Requirements

Bachelor's degree with 5 years of experience in security risk management, audit, or compliance, or related roles, to include 2-year hands on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks, OR 9 years of total Information Technology experience including 5 years of experience in security risk management, audit, compliance or related roles, to include 2-year hands on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks.
Experience with SSP, documentation and remediation activities, and compliance evidence gathering.
Experience with architecture documentation and data flow diagrams.
Understanding of APIs, ports, protocols, and system interconnections.
Knowledge of cloud service provider compliance requirements.
Strong analytical, documentation, critical thinking, and problem-solving skills.
Strong attention to detail and ability to understand legal requirements in contracts.
Ability to conduct interviews and communicate effectively with technical and non-technical stakeholders.
Ability to provide information and/or documentation needed to determine whether you are a “U.S. Person” as defined under ITAR (U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee) or otherwise eligible for authorized access under applicable federal regulations, including U.S. government contract requirements for restricted or export-controlled CUI and related personnel-screening obligations.

Nice To Haves

CCMC Certified Professional (CCP), CCA, CISSP, CISA or similar compliance/security certifications
Master’s degree

Responsibilities

Work with control owners to ensure timely execution and effectiveness of controls.
Conduct interviews for security controls and collect objective evidence for compliance assessment.
Develop and update Operational Plan of Action (OPA) to address gaps and compliance issues.
Remediate findings, track progress, and reassess post-remediation.
Draft, update, and finalize System Security Plan (SSP) for systems in scope and new systems under evaluation.
Use the GRC platform to manage controls effectiveness status, documentation, and evidence.
Update or create policies and procedures to support compliance.
Develop detailed architecture and data flow diagrams for all in-scope systems.
Review and document all connections (APIs, ports, protocols, services) for in-scope systems and physical locations.
Identify and document all external and cloud service providers associated with in-scope environments.
Review Government contracts and RFPs to identify obligations, assess feasibility, and ensure security requirements are met before commitment.
Independently review and revise information security clauses in customer and vendor contractual agreements to ensure compliance with company policies.
Perform other work as assigned to support overall Security Risk Management team objectives.