Senior Compliance Analyst

Opportunity Overview

As a Sr. Compliance Analyst, you will own all aspects of cybersecurity compliance for your assigned clients within CyberSheath’s Managed Compliance Services. You will lead compliance efforts and provide oversight for the implementation of cybersecurity frameworks, manage client relationships, and ensure continuous compliance with industry regulations.

Your role will be pivotal in delivering compliance solutions to DIB contractors in accordance with DFARS 252.204-7012, NIST SP 800-171, and CMMC. You will collaborate closely with client technical teams and third-party vendors to ensure compliance and mitigate risks across the entire security landscape.

Key Responsibilities

• Managed Compliance Services Ownership:
  • Primary Point of Contact: Own and lead all compliance efforts for assigned clients, acting as the primary advisor on cybersecurity compliance and regulatory alignment.
  • Client Communication: Maintain proactive communication with clients on compliance status, assessment results, and remediation. Deliver regular updates through executive briefings, business reviews, and detailed reporting.
  • Regulatory Assessments: Lead and execute compliance assessments (e.g., DFARS, NIST 800-171, and CMMC Maturity Level 2). Perform annual assessments and ensure evidence-based control.
• Compliance Frameworks and Audits:
  • Framework Implementation: Lead the implementation and continuous monitoring of compliance frameworks (e.g., NIST SP 800-171, CMMC). Develop and manage System Security Plans (SSPs) and Plans of Action & Milestones (POA&M) for clients.
  • Audit Preparation: Guide clients through internal and external audits, ensuring all necessary evidence, documentation, and artifacts are in place for successful certification.
• Compliance Documentation & Policy Management:
  • Documentation Development: Collaborate with clients to develop, update, and maintain compliance documentation, including policies, procedures, SSPs, POA&Ms, and other governance materials.
  • Policy Enforcement: Ensure compliance policies and procedures aligned with NIST 800-171, CMMC, and DFARS. Provide expertise in drafting and maintaining control documentation.
• Incident Response & Risk Management:
  • Incident Management: Develop and maintain incident response plans. Conduct tabletop exercises with clients to test incident response readiness and improve incident management capabilities.
  • Risk Assessments: Perform regular risk assessments to identify compliance gaps and develop mitigation strategies. Maintain risk registers and ensure continuous improvement of compliance postures.
• Training & Awareness:
  • Security Awareness Training: Deliver or facilitate client training programs, including basic cybersecurity awareness and role-specific training on compliance requirements.