Cybersecurity Certification and Accreditation Analyst
IBM
AWSCloudCyber SecurityJavaScript
Senior GRC Engineer – Government
Workstreet
full-time
Posted on:
Origin: • 🇺🇸 United States
Visit company websiteJob Level
Senior
Tech Stack
AWSAzureCyber Security
About the role
- Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
- Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation.
- Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification.
- Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements.
- Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs).
- Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines.
- Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives.
- Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.
Requirements
- Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently.
- 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation.
- 3+ years of leadership experience managing or guiding a small team.
- Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021).
- Experience with NIST SP 800-171 control implementation and assessment.
- Familiarity with DoD supply chain requirements and defense contractor workflows.
- Experience working with small to mid-sized defense contractors.
- Knowledge of common GCC High, Azure Government, or AWS GovCloud environments.
- Experience thriving in a fast-paced startup environment.
- CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification (preferred).
- Security+ or CISSP certification (preferred).
- Experience with SPRS reporting and maintaining scores of 110 (preferred).
- Familiarity with ITAR compliance requirements (preferred).
- Ability to obtain U.S public trust security clearance (preferred).
- Previous experience working directly with C3PAOs or as part of assessment teams (preferred).
- Must be a US citizen or permanent resident (due to potential access to CUI).
- Must be located in the United States.
- Ability to obtain security clearance if required by client engagements.
- Available for occasional travel to client sites within the US (estimated 10-20%).
