CMMC Compliance Analyst [Remote]

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a CMMC Compliance Analyst in the United States.

This role plays a critical part in ensuring cybersecurity compliance within a highly regulated defense environment, supporting the maintenance and continuous improvement of a CMMC Level 2 enclave. You will be responsible for monitoring, assessing, and documenting compliance with NIST SP 800-171 requirements while ensuring audit readiness across all security controls and artifacts. The position involves close collaboration with security leadership, engineers, and system owners to implement and sustain effective compliance frameworks. You will also support assessments, remediation efforts, and governance activities tied to DoD-related security standards. In this role, you will help strengthen operational security posture through documentation, validation, and continuous monitoring practices. It is an ideal opportunity for a detail-oriented compliance professional who thrives in structured environments and is passionate about cybersecurity governance in mission-critical systems.

Accountabilities

In this role, you will manage continuous compliance and security documentation processes within a CMMC Level 2 environment, ensuring alignment with regulatory and contractual cybersecurity requirements. You will support audit readiness activities, maintain system security documentation, and coordinate remediation efforts to address identified gaps. You will also collaborate with technical and security stakeholders to ensure consistent implementation of required controls and reporting standards.

• Perform continuous monitoring of CMMC Level 2 enclave compliance aligned with NIST SP 800-171
• Maintain and organize audit-ready documentation, policies, procedures, and technical evidence
• Conduct control assessments, validation activities, and track remediation progress
• Manage POA&M documentation, including identification, tracking, and closure of findings
• Support C3PAO assessments, surveillance audits, and re-certification activities
• Utilize GRC tools to monitor controls, track compliance status, and generate reports
• Collaborate with ISSOs, engineers, and system owners to ensure control implementation
• Update System Security Plans (SSPs), network diagrams, and data flow documentation
• Track compliance metrics and report risks and status updates to leadership
• Support continuous improvement of cybersecurity governance and documentation processes

Requirements

The ideal candidate has strong experience in cybersecurity compliance within regulated environments, particularly supporting CMMC, NIST, or federal security frameworks. You should be highly detail-oriented, comfortable working in structured compliance-driven settings, and capable of managing documentation and audit preparation activities with precision. Strong knowledge of defense contracting cybersecurity requirements and hands-on experience with GRC platforms are essential.

• Active CMMC Registered Practitioner Advanced (RPA) certification required
• CMMC Certified Professional (CCP) certification within 6 months of hire
• Experience supporting successful CMMC Level 2 C3PAO assessments
• Strong understanding of NIST SP 800-171 control requirements and assessment objectives
• Knowledge of FAR, DFARS, and Defense Industrial Base cybersecurity requirements
• Experience with continuous monitoring, compliance documentation, and audit preparation
• Familiarity with POA&M management and remediation tracking processes
• Experience using GRC platforms (e.g., ServiceNow IRM, Archer, Diligent, or similar)
• Preferred: CMMC Certified Assessor (CCA) certification
• Preferred: Experience with FedRAMP Moderate/High environments or GovCloud platforms
• Strong analytical, documentation, and communication skills

Benefits

• Competitive salary range: $105,786 – $155,152 depending on location and experience
• Comprehensive health, dental, and vision insurance coverage
• Life insurance and voluntary lifestyle benefit options
• Short-term and long-term financial wellbeing programs
• Flexible remote work opportunity (U.S.-based)
• Access to training and professional development resources
• Inclusive and supportive work environment
• Opportunities to work on high-impact, regulated defense cybersecurity programs
• Bonus and incentive compensation eligibility (based on role and performance)

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.