CyberSheath - Compliance Analyst
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• Ability to build and troubleshoot systems (e.g., servers, Active Directory). • Understanding of network fundamentals, cloud technologies (IaaS, PaaS, SaaS), and cybersecurity • Industry Experience: Experience within the Defense Industrial Base (DIB), with expertise in assessing compliance for DIB contractors. • Framework Expertise: Direct, hands-on experience with NIST 800-171, CMMC, DFARS 252.204-7012. Must have led compliance assessments and demonstrated independent leadership of audits or regulatory • Certifications: CMMC Certified Assessor, CISSP, CISM, or other relevant cybersecurity certifications • Soft Skills (Grit, Communication, and Adaptability) • Grit: Passion for working in a challenging, fast-paced A "whatever it takes" attitude and a commitment to continuous learning and improvement. • Communication: Excellent verbal and written communication skills. Ability to convey complex compliance requirements clearly to both technical and non-technical stakeholders. • Adaptability: Comfortable working independently, pivoting when necessary, and raising your hand when additional resources are needed. Strong follow-through and reliability in meeting deadlines.
Responsibilities
• Managed Compliance Services Ownership • Primary Point of Contact: Own and lead all compliance efforts for assigned clients, acting as the primary advisor on cybersecurity compliance and regulatory alignment. • Client Communication: Maintain proactive communication with clients on compliance status, assessment results, and remediation Deliver regular updates through executive briefings, business reviews, and detailed reporting. • Regulatory Assessments: Lead and execute compliance assessments (e.g., DFARS, NIST 800-171, and CMMC Maturity Level 2). Perform annual assessments and ensure evidence-based control • Compliance Frameworks and Audits • Framework Implementation: Lead the implementation and continuous monitoring of compliance frameworks (e.g., NIST SP 800-171, CMMC). Develop and manage System Security Plans (SSPs) and Plans of Action & Milestones (POA&M) for clients. • Audit Preparation: Guide clients through internal and external audits, ensuring all necessary evidence, documentation, and artifacts are in place for successful certification. • Compliance Documentation & Policy Management • Documentation Development: Collaborate with clients to develop, update, and maintain compliance documentation, including policies, procedures, SSPs, POA&Ms, and other governance materials. • Policy Enforcement: Ensure compliance policies and procedures aligned with NIST 800-171, CMMC, and DFARS. Provide expertise in drafting and maintaining control documentation. • Incident Response & Risk Management • Incident Management: Develop and maintain incident response plans. Conduct tabletop exercises with clients to test incident response readiness and improve incident management capabilities. • Risk Assessments: Perform regular risk assessments to identify compliance gaps and develop mitigation strategies. Maintain risk registers and ensure continuous improvement of compliance postures. • Training & Awareness • Security Awareness Training: Deliver or facilitate client training programs, including basic security awareness, privileged user training, and handling of Controlled Unclassified Information (CUI).
Benefits
• $110,000—$130,000 USD
No credit card. Takes 10 seconds.