Job Summary
Wright Technical Services is proud to represent a highly respected Fortune 500 Global Manufacturer for this position. We have an exciting opportunity for a Senior Analyst, IT, CMMC Compliance who will join our global headquarters team. The Senior Analyst, IT, CMMC Compliance will be responsible for contributing to the company’s CMMC compliance journey and for maintaining the compliance program once fully implemented. This role will own execution of CMMC IT Controls and provide leadership and guidance to the other functions in the company that own CMMC controls, including but not limited to physical security, HR, and procurement. This role is part of a team of GRC professionals, collaborates with cross-functional teams, and implements robust strategies to maintain and enhance our compliance posture.
Qualifications
- 5+ years of experience in IT compliance, with deep experience in CMMC Level 1 and Level 2 certification requirements and NIST, and knowledge of DFARS.
- Strong understanding of CMMC (Cybersecurity Maturity Model Certification) and NIST SP 800-171 and NIST 800-53 frameworks, with hands-on experience guiding organizations through CMMC compliance.
- Strong understanding of IT and cybersecurity principles, risk management, and compliance best practices.
- Knowledge in technical infrastructure and applications.
- Proficient understanding of business focus and processes and the ability to inject CMMC compliance into the business through teamwork and influence.
- Familiarity with relevant compliance management software and tools.
- Experience in the manufacturing industry, particularly with IT and OT systems, is a plus.
- Familiarity with other cybersecurity regulations, such as ISO 27001, is a plus.
- Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company to third-party assessors with the highest level of professionalism.
- Robust ability to take the initiative to stay current, do research, and self-educate.
- Detail-oriented with a commitment to accuracy and data integrity.
Description and Responsibilities
- Collaborate with stakeholders across the organization to ensure a clear understanding of CMMC compliance requirements and alignment with business goals.
- Establish and maintain strong relationships with stakeholders across technology, compliance, cybersecurity, procurement, HR and physical security.
- Work with internal/external auditors, regulators, assessors, business stakeholders and other functional areas such as Legal, Compliance and HR.
- Provide guidance and support to other members of the IT team on CMMC compliance-related issues.
- Train internal teams on CMMC compliance requirements.
- Own the maintenance of comprehensive GRC strategies aligned with CMMC compliance.
- Maintain and enhance CMMC compliance assessment toolkits for testing and validation.
- Maintain documentation and records for CMMC compliance processes, procedures, and standards.
- Prepare and manage documentation for certification audits, ensuring that all required evidence and controls are in place.
Additional Responsibilities
- Stay updated on changes to CMMC guidelines, associated Rules and NIST cybersecurity frameworks, adapting the organization's strategy as needed.
- Provide subject matter expertise and guidance to internal stakeholders on CMMC, DFARS, NIST SP 800-171, and other relevant cybersecurity regulations.
- Drive continuous improvement initiatives to enhance the efficiency and effectiveness of CMMC compliance processes and controls.
- Leverage automation and technology to streamline compliance activities and reporting.
- Maintain CMMC-focused IT policies, standards and procedures.
- Provide guidance on future expansion of the CMMC compliance program to other parts of the business.
- Function as the company’s main point of contact for third-party CMMC assessors.
- Collaborate with third-party CMMC assessors, ensuring a smooth certification process and addressing any non-conformities or challenges during the audit.
- Own preparation and execution of annual self-attestation processes.
- Develop and implement risk mitigation plans to address identified issues and minimize exposure to CMMC compliance risks.
- Develop and implement processes to incorporate IT and business process changes into the CMMC compliance program and associated re-assessment requirements.
- Oversee the response process for customer CMMC inquiries and collaborate with Procurement on vendor CMMC flow-down requirements and questionnaires.
- Develop and deliver relevant KPIs and metrics for management consumption.
- Evaluate CMMC security controls and identify opportunities for improvement and communicate recommendations.
- Identify and implement improvements to increase efficiency of the compliance program and processes.
- Collaborate with the Lead, IT Policy and Security Awareness to develop and deliver training programs on CMMC compliance for employees across the organization.
Eligibility: All applicants currently authorized to live and work in the United States on a permanent basis are welcome to apply. Must be currently residing in the US. Sponsorship is not available for this position.
Wright Technical Services and our client are Equal Opportunity Employers. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.