
Senior GRC Consultant
CDW
full-time
Location Type: Remote
Location: United States
Salary
💰 $88,000 - $122,400 per year
About the role
- Support CDW’s Global Information Security organization in maintaining continuous compliance with Cybersecurity Maturity Model Certification (CMMC), NIST 800‑171, and related government security requirements.
- Perform detailed technical, documentation, and evidence‑gathering activities to support assessments, audits, and system onboarding.
- Develop remediation plans, validate control execution, document system architectures and connections, review contractual security requirements, and ensure accurate compliance records in the GRC platform.
- Work with control owners to ensure timely execution and effectiveness of controls.
- Conduct interviews for security controls and collect objective evidence for compliance assessment.
- Develop and update Operational Plan of Action (OPA) to address gaps and compliance issues.
- Remediate findings, track progress, and reassess post-remediation.
- Draft, update, and finalize System Security Plan (SSP) for systems in scope and new systems under evaluation.
- Use the GRC platform to manage controls effectiveness status, documentation, and evidence.
- Update or create policies and procedures to support compliance.
- Develop detailed architecture and data flow diagrams for all in-scope systems.
- Review and document all connections (APIs, ports, protocols, services) for in-scope systems and physical locations.
- Identify and document all external and cloud service providers associated with in-scope environments.
- Review Government contracts and RFPs to identify obligations, assess feasibility, and ensure security requirements are met before commitment.
- Independently review and revise information security clauses in customer and vendor contractual agreements to ensure compliance with company policies.
- Perform other work as assigned to support overall Security Risk Management team objectives.
Requirements
- Bachelor's degree with 5 years of experience in security risk management, audit, compliance, or related roles, including 2 years of hands-on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks; or
- 9 years of total Information Technology experience, including 5 years of experience in security risk management, audit, compliance, or related roles, with 2 years of hands-on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks
- Experience with SSP, documentation and remediation activities, and compliance evidence gathering.
- Experience with architecture documentation and data flow diagrams.
- Understanding of APIs, ports, protocols, and system interconnections.
- Knowledge of cloud service provider compliance requirements.
- Strong analytical, documentation, critical thinking, and problem-solving skills.
- Strong attention to detail and ability to understand legal requirements in contracts.
- Ability to conduct interviews and communicate effectively with technical and non-technical stakeholders.
- CMMC Certified Professional (CCP), CCA, CISSP, CISA, or similar compliance/security certifications, a plus.
- Master’s degree, a plus.
Benefits
- Annual bonus target of 5% subject to terms and conditions of plan
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
CMMC Level 2, NIST 800-171, SSP, documentation, remediation, architecture documentation, data flow diagrams, APIs, ports, protocols
Soft Skills
analytical skills, documentation skills, critical thinking, problem-solving, attention to detail, communication skills, interpersonal skills
Certifications
CMMC Certified Professional (CCP), CCA, CISSP, CISA