CMMC Compliance Analyst

U.S. citizenship required, eligible for a Secret clearance. 2-5 years of experience in information security, IT compliance, cybersecurity auditing, GRC, or similar roles. Practical experience working with CMMC, NIST 800-171, NIST 800-53, DFARS 7012, or NIST RMF. Demonstrated ability to lead and make decisions on compliance-related matters. Experience reviewing and developing policies, procedures, SSPs, POA&Ms, risk assessments. Working knowledge of technical environments such as IAM, endpoint protection, logging/monitoring, vulnerability management. Strong written and verbal communication skills. Ability to work independently, manage multiple client tasks, and follow structured workflows. CompTIA Security+ certification required within the first 2 months of hire.

Receive, triage, and analyze compliance-related requests, documentation, and assessment findings. Support the development and maintenance of System Security Plans (SSPs), POA&Ms, policy sets, procedures, and control documentation. Review client technical configurations against NIST/CMMC compliance objectives and document gaps. Communicate with clients to gather evidence, clarify processes, and maintain progress visibility. Assist in the management, implementation, and validation of compliance controls across CMMC, NIST 800-171, and/or DFARS 7012. Contribute to internal compliance documentation templates and client-facing guidance materials. Support the creation of compliance reports, risk assessments, and executive presentations.