CMMC Compliance Analyst L2

CMMC Compliance Analyst L2

Company Overview:
Our partner is a leading technology solutions provider dedicated to supporting critical government initiatives. We are currently augmenting the Governance, Risk, and Compliance (GRC) team of a key client, to facilitate their achievement of Cybersecurity Maturity Model Certification (CMMC) Level 2. This high-impact project involves assisting Project Management Entities (PMEs) in developing and completing their System Security Plans (SSPs) and ensuring robust cybersecurity posture.


Position Summary:
We are seeking highly motivated and detail-oriented CMMC Level 2 Compliance Analysts to join our team. In this role, you will play a crucial part in guiding our partner PMEs through the complex CMMC Level 2 certification process. You will leverage your expertise in cybersecurity and compliance frameworks to review documentation, identify gaps, and provide essential guidance to ensure adherence to NIST SP 800-171 controls and CMMC requirements. This is a critical project with a significant impact on national security.


Key Responsibilities:

• Assist PMEs in the development and completion of their System Security Plans (SSPs).
• Review PME-submitted evidence and documentation, including asset classification and boundary diagrams, to identify compliance gaps against CMMC Level 2 and NIST SP 800-171 controls.
• Provide clear, actionable feedback and guidance to PMEs on interpreting complex cybersecurity controls and improving the quality and accuracy of their compliance documentation.
• Collaborate with Cyber and GRC teams to streamline the SSP review process and address data accuracy issues.
• Support PMEs in understanding and implementing the inheritance model for applicable controls.
• Contribute to the establishment and maintenance of a monitoring and reporting framework for PME progress.
• Potentially assist in developing targeted training or guidance materials to enhance PME cybersecurity expertise.
• Maintain meticulous records of reviews, feedback, and PME progress.

Required Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience.
• Proven experience in cybersecurity, GRC, or IT compliance roles.
• Strong understanding of cybersecurity frameworks, particularly NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC) program, especially Level 2 requirements.
• Experience with System Security Plans (SSPs) and their role in demonstrating compliance.
• Ability to interpret and apply complex security controls and regulatory requirements.
• Excellent analytical, problem-solving, and communication skills, with the ability to explain technical concepts to individuals with varying levels of cybersecurity expertise.
• Detail-oriented with strong organizational skills and the ability to manage multiple tasks in a fast-paced environment.
• U.S. Citizenship is required.

Preferred Qualifications:

• Relevant certifications such as CMMC Certified Professional (CCP), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA).
• Experience working with government contractors or within the Defense Industrial Base (DIB).
• Familiarity with GRC software platforms.
• Prior experience in a client-facing or resource augmentation role.