Sr. Cybersecurity Assurance Analyst

Bachelor’s degree in a related discipline or 10 or more years of relevant experience.
A higher level degree may substitute for experience.
Related experience may be considered in lieu of required education.
Demonstrated understanding and practical experience with FISMA, CIS 20, NIST SP 800-171, DFARS Clause 252.204-7012, or similar requirements.
Proven experience in conducting gap assessments and security control evaluations.
Strong understanding of cybersecurity principles, practices, and technologies.
Excellent analytical, problem-solving, and critical-thinking skills.
Strong communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders.
Proficiency with MSOffice Applications.
Proficiency with data sampling and attribute analysis.
Proficiency with process flow documentation.
Ability to obtain and maintain a U.S. Security Clearance.

Conduct internal audits and assessments against DFARS 252.204-7012, CMMC 2.0, and NIST SP 800-171 controls and requirements.
Evaluate the design, implementation, and effectiveness of internal security controls, ensuring they align with regulatory requirements and organizational security standards.
Provide expert guidance and support to system owners on preparing for audits, including remediation strategies and best practices for compliance.
Act as a key point of contact and provide direct support during C3PAO CMMC audits, facilitating the audit process and ensuring successful outcomes.
Develop, document, and maintain cybersecurity policies, procedures, and standards to support ongoing compliance efforts.
Analyze complex cybersecurity requirements from DFARS, CMMC, NIST, and other relevant standards, and translate them into actionable implementation plans.
Collaborate closely with cross-functional teams, including IT, engineering, and program management, to address cybersecurity challenges and implement effective security solutions.
Prepare detailed and accurate reports on assessment findings, compliance status, and remediation progress for management review.
Stay abreast of the evolving cybersecurity landscape, including emerging threats, technologies, and regulatory changes, and provide recommendations for proactive security measures.

Prior experience working within the Defense Industrial Base (DIB).
Familiarity with security tools such as GRC platforms, vulnerability scanners, and SIEM.
Familiarity with Information Technology, Audit, Cybersecurity, or Project Management as demonstrated with work toward any of the following or similar certifications:
IT: ITIL, CompTIA A+, Network+, Azure Fundamentals, M365 Fundamentals,
Audit: Certified Internal Auditor, Certified Information System Auditor,
Cybersecurity: Certified Information Security Manager, Security+,
Project Management: CAPM, PMP, Project+
Familiarity with risk management frameworks (e.g., NIST RMF).
Experience developing or managing SSPs and POA&Ms.
Ability to read and interpret security and technical documentation.
Proven track record of maintaining the confidentiality of high-sensitivity projects and data.