Senior Cybersecurity Governance, Risk & Compliance (GRC) and Cyber Operations Specialist jobs in United States

Brighton Marine · 23 hours ago

Senior Cybersecurity Governance, Risk & Compliance (GRC) and Cyber Operations Specialist

Brighton Marine is seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) and Cyber Operations Specialist to design, implement, and sustain a full CMMC Level 2-aligned cybersecurity program. This role involves policy and compliance development along with hands-on cyber operational support, requiring significant federal cybersecurity experience and deep knowledge of CMMC Level 2 and NIST SP 800-171 requirements.

Health Care, Health Diagnostics, Medical, Non Profit, Primary and Urgent Care
No H1B. Security Clearance Required. U.S. Citizen Only.

Responsibilities

Conduct full CMMC Level 2 gap assessments, including technical, documentation, and evidence requirements
Develop or refresh the complete suite of CMMC Level 2 policies, procedures, SOPs, standards, and artifacts
Establish and maintain evidence-generation processes, compliance workflows, and control-owner mappings
Create and maintain the CMMC compliance boundary, including enclave definitions and trust boundary diagrams
Build or update all required cybersecurity documentation, including:
- System Security Plan (SSP)
- Network / data flow / trust boundary diagrams
- Control implementation statements
- POA&M and risk register
- Incident Response Plan and playbooks
- Disaster Recovery and Continuity of Operations documents
- Configuration baselines and hardening guides
- Audit and assessment plans
Implement assigned cybersecurity controls and develop repeatable processes to achieve and maintain CMMC compliance
Establish operational workflows to support evidence generation, logging, monitoring, MFA, RBAC, vulnerability management, and configuration management
Integrate cybersecurity controls with IT service delivery processes (e.g., onboarding, offboarding, patch cycles)
Maintain and continuously improve the CMMC Level 2 control environment
Perform recurring control checks, evidence collection, and documentation updates
Support annual self-assessments and external C3PAO (Certified Third-Party Assessment Organization) assessments
Maintain a live POA&M (Plan of Action and Milestones) and coordinate remediation and risk mitigation efforts
Produce quarterly risk posture reports and recurring GRC reporting
Track vulnerabilities, coordinate patching, and support remediation planning
Review and analyze security logs within SIEM tools for anomalies or potential security events
Provide triage and support for low/medium severity incidents; participate in IR exercises
Maintain configuration baselines, control mappings, and support security change management
Support audit and evidence binder refresh cycles

Qualifications

CMMC Level 2, NIST SP 800-171, Federal Cybersecurity, SIEM platforms, Vulnerability management tools, Incident response processes, DFARS 252.204-7012, CISSP, CISM, Security+, CCAK, Policy writing, Communication skills

Required

5+ years of experience in Federal Cybersecurity, GRC, CMMC, or NIST SP 800-171 environments
Hands-on experience supporting DoD, DHA, VA, or other federal agencies
Strong understanding of CMMC Level 2 / NIST SP 800-171
Strong understanding of DFARS 252.204-7012
Strong understanding of FedRAMP, C3PAO readiness, and federal compliance frameworks
Experience with SIEM platforms
Experience with vulnerability management tools
Experience with logging and monitoring systems
Experience with incident response processes
Ability to write and maintain policies, SOPs, and comprehensive security documentation
Strong communication skills and the ability to work with technical and executive stakeholders
Must be able to obtain a U.S. Government personnel security clearance as a condition of employment
Must comply with DFARS 252.204-7012, NIST SP 800-171, and CMMC Level 2 requirements
Must handle, store, and protect Controlled Unclassified Information (CUI) in accordance with federal requirements
Contractor/employee systems accessing CUI must meet CMMC Level 2 requirements

Preferred

CISSP
CISM
Security+
CCAK (Certificate of Cloud Auditing Knowledge)
Other federal cybersecurity or audit certifications

Company

Brighton Marine

Brighton Marine Health Center is a non-profit corporation that provides primary care, diagnostic, and behavioral health services.