Cybersecurity Compliance Advisory Analyst I
Company | Sierra Nevada Corporation |
---|---|
Location | Hagerstown, MD, USA; Sparks, NV, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Entry Level/New Grad, Junior |
Requirements
- Bachelor’s degree in a related discipline or 0 – 2 years of relevant experience
- A higher level degree may substitute for experience
- Related experience may be considered in lieu of required education
- Foundational understanding or strong desire to learn about NIST SP 800-171, DFARS 252.204-7012, and the Cybersecurity Maturity Model Certification (CMMC) 2.0
- Strong analytical and organizational skills, with attention to detail
- Good written and verbal communication skills
- Ability to learn quickly and work effectively as part of a team
Responsibilities
- Assist in conducting cybersecurity due diligence by reviewing basic contracts to identify cybersecurity requirements for suppliers, subcontractors, and vendors.
- Monitor supplier and vendor cybersecurity performance to identify compliance with contractual obligations and regulatory standards.
- Support the documentation and tracking of supplier and vendor compliance issues, and assist in managing routine communication with suppliers and vendors regarding cybersecurity incidents.
- Help ensure procurement and subcontract processes align with cybersecurity regulations, including DFARS 252.204-7012, CMMC, organizational requirements, and industry best practices.
- Research and stay informed of evolving regulations, best practices, and standards affecting supplier and vendor compliance with DFARS and CMMC.
- Support the GRC team in developing and implementing a unified CMMC and DFARS compliance program.
- Assist in interpreting and translating cybersecurity regulations (NIST SP 800-171, CMMC, and DFARS 252.204-7012) into actionable guidance and contribute to process improvement.
- Support participation in gap analyses to help identify deficiencies and risks.
- Assist in collecting data for continuous monitoring programs and key performance indicators (KPIs) to track compliance and risks related to suppliers, subcontractors, and vendors handling CUI or FCI.
- Help system owners gather documentation to prepare for internal and external assessments (mock assessments, readiness reviews).
Preferred Qualifications
- Proven track record of maintaining the confidentiality of high-sensitivity projects and data.
- Ability to perform critical-incident response.
- Ability to read and interpret security and technical documentation.
- Internship or project experience related to cybersecurity, IT audit, or compliance.
- Familiarity with contract language or supply chain concepts.
- Familiarity with ISO 9001 concepts.
- Relevant entry-level industry certifications (e.g., CompTIA A+, Network+, Security+) are a plus, but not required.