Cybersecurity Compliance Analyst

Posted 4 Days Ago
2 Locations
In-Office
Mid level
Information Technology • Defense
The Role
The Cybersecurity Compliance Analyst supports the cybersecurity compliance program, conducts audits, assists with CMMC readiness, and maintains documentation. They ensure compliance with regulatory frameworks and communicate findings to management.
Summary Generated by Built In

Duties & Responsibilities


Responsible for supporting the organization’s cybersecurity and regulatory compliance program. Assists the Director of Cybersecurity Compliance in reviewing, maintaining, and implementing security standards, policies, and procedures applicable to internal operations and external client services. As directed by the Director of Cybersecurity Compliance or Director of Quality Management:

  • Supports DigiFlight’s Cybersecurity Maturity Model Certification (CMMC) Level 2 readiness, certification, and maintenance in support of DoD contract requirements.
  • Leads or participates in internal CMMC control audits, gap assessments, and readiness assessments, compiles findings, observations, and recommendations and reports results to the Director of Cybersecurity Compliance.
  • As a Cyber AB Registered Practitioner (RP), leads or supports delivery of CMMC services for external organizations, including gap assessments and readiness assessments, and provides documented remediation recommendations aligned with CMMC requirements.
  • Assists internal stakeholders and external clients with compliance-related activities, including evidence collection, interviews, and clarification of control implementation expectations. 
  • Periodically reviews and audits compliance documentation, including policies, procedures, System Security Plans (SSPs), and supporting artifacts, to verify alignment with applicable regulatory and contractual requirements. 
  • Performs or participates in quality audits and appraisals; compiles findings and reports to the Quality Control Manager/Sr. Director during the audits.
  • Maintains and updates cybersecurity and compliance documentation, including policies, procedures, and SSPs, to ensure accuracy and consistency with implemented controls and organizational practices. 
  • Prepares Configuration Control Board (CCB) agendas, facilitates CCB meetings, and documents decisions, approvals, and action items to support change and configuration management governance. 
  • Facilitates Vulnerability Management meetings, including review of vulnerability scan results, remediation activities, and risk acceptance decisions; tracks corrective actions and supports continual improvement efforts. 
  • Assists the Director of Cybersecurity Compliance and process action owners with corrective actions, remediation planning, and compliance improvement initiatives; compiles reports and recommendations and facilitates communication with appropriate personnel. 

CMMC Readiness & Pre-Assessment Advisory

  • Lead or support client readiness reviews and mock assessments
  • Evaluate organizational preparedness for CMMC certification
  • Provide guidance on:
    • Certification boundary definition
    • Control implementation expectations
    • Evidence sufficiency and documentation quality
  • Identify risks that may impact assessment outcomes


Minimum Experience

3–5 years of experience in cybersecurity governance, risk, and compliance (GRC) including experience with one or more of the following frameworks or programs: 

  • CMMC / NIST SP 800-171 
  • NIST SP 800-53 
  • ISO/IEC 27001:2022
  • FedRAMP 
  • SOC 2 
  • CMMI 

Desired

  • Cyber AB Registered Practitioner (RP) 
  • Cyber AB CMMC Certified Professional (CCP) or Cyber AB CMMC Certified Assessor (CCA) 
  • Familiarity with generative and agentic AI
  • CGRC or equivalent security or compliance certification 
  • Experience supporting gap assessments, readiness assessments, or third-party audits 

Required Skills

  • Experience working with or within 3PAOs or accredited assessment bodies
  • Familiarity with federal frameworks such as FedRAMP and DFARS 252.204-7012
  • Experience assessing complex environments (cloud, hybrid, MSPs, enclaves)
  • Strong judgment and decision-making authority
  • Deep expertise in control evaluation and evidence validation
  • Ability to assess ambiguous or partially implemented controls
  • Executive-level communication and stakeholder engagement
  • Ability to work effectively with personnel at all organizational levels, including leadership and external clients
  • Strong organizational and documentation skills with attention to detail 
  • Proficiency with Microsoft Office applications, including Word, Excel, PowerPoint, and SharePoint
  • High ethical standards and professional integrity

Considerations

  • Must avoid conflicts of interest in accordance with applicable CMMC ecosystem expectations

Skills Required

  • 3-5 years of experience in cybersecurity governance, risk, and compliance (GRC)
  • Experience with CMMC / NIST SP 800-171, NIST SP 800-53, ISO/IEC 27001:2022, FedRAMP, SOC 2, CMMI
  • Cyber AB Registered Practitioner (RP) or similar certification
  • Familiarity with generative and agentic AI
  • Experience with gap assessments or third-party audits

The Company
HQ: Columbia, Maryland
235 Employees
Year Founded: 1999

What We Do

DigiFlight, Inc. (DFI), a veteran-owned/minority-owned small business, specializing in providing state-of-the-art acquisition management and technology solutions for all levels of Government and commercial clients. Our management team brings vast expertise in the development and lifecycle management of large scale IT systems including Acquisition Management, System Engineering, Test and Evaluation
