CMMC Compliance Analyst jobs in United States

Sentinel Blue · 1 month ago

CMMC Compliance Analyst

Sentinel Blue is a company focused on providing enterprise-class cybersecurity to small and medium-sized businesses. They are looking for a CMMC Compliance Analyst to support clients in meeting regulatory and security standards through compliance assessments, documentation reviews, and process improvements.

Cloud Security · Cyber Security · IT Management
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Receive, triage, and analyze compliance-related requests, documentation, and assessment findings, and work to resolve issues through research, evidence collection, and stakeholder coordination
Support the development and maintenance of System Security Plans (SSPs), POA&Ms, policy sets, procedures, and control documentation across client environments
Review client technical configurations (e.g., access controls, logging, encryption, segmentation, backup strategies) against NIST/CMMC compliance objectives and document gaps or remediation actions
Communicate with clients through email, chat, meetings, and interviews to gather evidence, clarify processes, and maintain progress visibility on compliance deliverables
Assist in the management, implementation, and validation of compliance controls across CMMC, NIST 800-171, and/or DFARS 7012
Contribute to internal compliance documentation templates, client-facing guidance materials, and evidence repositories that streamline audit readiness
Support the creation of compliance reports, risk assessments, briefs, and executive presentations that translate findings into clear business narrative

Qualification

CMMC compliance · NIST 800-171 · NIST 800-53 · CompTIA Security+ · Cybersecurity auditing · GRC experience · Policy development · Risk assessments · Client-facing experience · Communication · Attention to detail · Team collaboration

Required

U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance
2-5 years of experience in information security, IT compliance, cybersecurity auditing, GRC, or similar roles
Practical experience working with CMMC, NIST 800-171, NIST 800-53, DFARS 7012, or NIST RMF in a professional environment
Demonstrated ability to lead and make decisions on compliance-related matters, including interpreting control intent, assessing evidence, and determining whether control requirements have been met
Experience reviewing and developing policies, procedures, SSPs, POA&Ms, risk assessments, or similar compliance documentation
Working knowledge of technical environments such as IAM, endpoint protection, logging/monitoring, vulnerability management, segmentation, and backup/recovery strategies
Strong written and verbal communication skills, especially when translating technical information into actionable compliance guidance
Ability to work independently, manage multiple client tasks, and follow structured workflows to drive compliance activities to timely completion
CompTIA Security+ certification is required in the first 2 months of hire

Preferred

Relevant certifications such as CMMC Certified Professional (CCP), Certified CMMC Assessor (CCA), CMMC Practitioner Instructor (PI), and/or CISSP
Experience working in a multi-client consulting or managed services environment. Prior work supporting multiple organizations simultaneously is highly valued
Familiarity with Azure Government and Office 365 GCC High environments, including their unique compliance and security requirements
Practical understanding of security and compliance policies such as least privilege, RBAC, audit logging, configuration baselines, change management, and endpoint protection
Experience in a client-facing professional role, whether in IT, compliance, consulting, audit support, or similar fields
Strong interest in cloud-first architecture and securing environments built in Azure or Microsoft 365
Experience with related frameworks such as NIST 800-53, FedRAMP, ISO 27001, CIS Controls, or SOC 2
Ability to interpret control intent, analyze evidence, and evaluate whether technical or procedural safeguards meet compliance objectives
Demonstrated passion for learning and professional growth, including potential development toward roles such as Compliance Manager
Bachelor's or Master's degree in Cybersecurity, Information Systems, Computer Science, Business, or a related field

Benefits

Fully paid individual healthcare, vision and dental insurance for the employee.
Paid certification and training opportunities.
Three weeks of paid vacation + 10 paid holidays.
A supportive environment with a focus on keeping healthy work-life balance.
Retirement benefit (401k) with company match.

Company

Sentinel Blue

Sentinel Blue is a cybersecurity company that offers extensive managed IT, cloud, and cybersecurity solutions to SMEs.

Funding

Current Stage
Early Stage

Leadership Team

Andy Sauer
Partner & CISO
Company data provided by crunchbase