Alliance Cyber - Cybersecurity Compliance Analyst

Alliance Cyber
Cocoa, FL
Summary description:
The Cybersecurity Compliance Analyst is responsible for ensuring that an organization’s IT infrastructure, policies, and procedures comply with industry standards, regulatory requirements, and cybersecurity best practices. This role involves assessing security controls, identifying compliance gaps, and implementing strategies to meet frameworks such as NIST SP 800-171, CMMC, ISO 27001, and other federal or industry-specific regulations.

As a key member of the cybersecurity and governance team, the analyst conducts risk assessments, compliance audits, and control testing to evaluate adherence to security policies and frameworks. They also collaborate with stakeholders to develop, implement, and maintain compliance documentation, ensuring that cybersecurity measures align with both regulatory requirements and business objectives.

This position requires a strong understanding of risk management, security frameworks, and IT governance, as well as excellent analytical and communication skills. The Cybersecurity Compliance Analyst plays a crucial role in protecting an organization’s sensitive information by ensuring security policies and controls are effectively designed, implemented, and maintained.
Job description:
Job Title: Cybersecurity Compliance Analyst
Location: [Insert Location]
Job Type: Full-Time
Security Clearance: [Specify if required]
Certifications: Preferred – CISSP, CISM, Security+, CISA, or other relevant certifications
________________________________________
Position Overview
The Cybersecurity Compliance Analyst is responsible for ensuring that organizational security policies, procedures, and technical controls align with industry and government regulatory requirements. This role involves conducting risk assessments, compliance audits, and security control testing to evaluate adherence to frameworks such as NIST SP 800-171, CMMC, ISO 27001, and other cybersecurity compliance standards.

As a critical member of the Governance, Risk, and Compliance (GRC) team, the analyst supports the development, implementation, and enforcement of security policies to reduce risk, enhance cybersecurity posture, and maintain compliance with federal and industry regulations. This position requires strong analytical skills, attention to detail, and the ability to collaborate with stakeholders across IT, security, and compliance teams.
________________________________________
Key Responsibilities
• Compliance & Risk Assessment:
  o Assess organizational security policies and controls for compliance with NIST SP 800-171, CMMC, ISO 27001, HIPAA, GDPR, and other applicable frameworks.
  o Conduct security control assessments to identify vulnerabilities and recommend remediation strategies.
  o Perform risk assessments to evaluate threats, vulnerabilities, and potential impacts on organizational operations.
• Audit & Documentation:
  o Assist in internal and external cybersecurity audits, ensuring adherence to contractual and regulatory security requirements.
  o Develop, update, and maintain compliance documentation, including System Security Plans (SSPs), Risk Assessments, Plan of Action and Milestones (POA&Ms), and Security Control Reports.
  o Maintain records of compliance findings and track remediation efforts.
• Security Policy & Procedure Development:
  o Work with stakeholders to develop and implement security policies, procedures, and controls in alignment with best practices and regulatory requirements.
  o Support continuous improvement efforts to enhance security policies and compliance processes.
• Incident & Vulnerability Management Support:
  o Assist in reviewing vulnerability scans, security reports, and risk assessments to identify non-compliance issues.
  o Support security teams in remediation efforts and track compliance-related vulnerabilities to closure.
  o Work with IT and cybersecurity teams to ensure security controls are effectively implemented and maintained.
• Training & Awareness:
  o Provide guidance and training to employees and stakeholders on compliance requirements and best practices.
  o Assist in developing compliance-related training materials and awareness programs.
• Collaboration & Reporting:
  o Work cross-functionally with IT, cybersecurity, legal, and leadership teams to ensure compliance objectives are met.
  o Prepare compliance status reports for senior management, auditors, and regulatory agencies.
________________________________________
Required Qualifications & Skills
• Education & Experience:
  o Bachelor’s degree in Cybersecurity, Information Security, Information Technology, or a related field (or equivalent experience).
  o 3+ years of experience in cybersecurity compliance, risk management, or IT security.
  o Experience with compliance frameworks such as NIST SP 800-171, CMMC, RMF, ISO 27001, FedRAMP, or HIPAA.
• Certifications (Preferred but not Required):
  o CISSP, CISM, Security+, CISA, CRISC, or equivalent cybersecurity certifications.
• Technical Skills & Knowledge:
  o Understanding of risk management principles, security controls, and regulatory compliance.
  o Familiarity with security frameworks, DISA STIGs, and vulnerability management tools.
  o Experience using GRC platforms, security assessment tools, and compliance tracking software.
  o Knowledge of encryption, access controls, endpoint security, and cloud security principles.
• Soft Skills:
  o Strong analytical and problem-solving abilities.
  o Excellent written and verbal communication skills.
  o Ability to work independently and collaboratively in a fast-paced, compliance-driven environment.
  o Detail-oriented with a strong focus on documentation and accuracy.
________________________________________
Preferred Qualifications
• Experience with DFARS, ITAR, or DoD-related cybersecurity compliance.
• Previous work in a federal contracting or government compliance environment.
• Familiarity with third-party risk management and vendor compliance assessments.
________________________________________
Work Environment & Physical Requirements
• Work may be performed in a hybrid or on-site environment, depending on company policies.
• Occasional travel may be required for audits or compliance-related engagements.
Why Join Us?
At Alliance Cyber, we are dedicated to safeguarding critical data and ensuring compliance with evolving cybersecurity regulations. As part of our team, you’ll have the opportunity to work on high-impact projects, develop your expertise in cybersecurity compliance and risk management, and contribute to securing sensitive information in a rapidly evolving cyber landscape.

If you’re passionate about cybersecurity, risk management, and compliance, we invite you to apply today and join our mission-driven team!
Eligibility factors:
All Services