Copy of Cybersecurity Compliance Analyst β ISO Audit Support
Centex TechnologiesCentex Technologies seeks a skilled Cybersecurity Compliance Analyst to augment ISO audit operations across multiple program enclaves.
This hybrid position focuses on pre-audit preparation, evidence gathering, compliance documentation, and collaborative support for organizations pursuing NIST 800-171 and CMMC certification objectives.
The ideal candidate will serve as a compliance facilitator, data coordinator, and documentation specialist rather than a traditional system administrator.
This role supports mission-critical systems through meticulous attention to compliance frameworks, with particular emphasis on NIST 800-171 requirements and forward integration of COREnet System Security Plans (SSPs) for CMMC inheritance.
Essential Duties and Responsibilities
Primary Responsibilities
System Security Plan (SSP) Development and Documentation (40%)
- Draft, review, and update System Security Plans (SSPs) for multiple program enclaves
- Ensure SSP accuracy, completeness, and alignment with NIST 800-171 requirements
- Support service boundary definition and clarity updates across tenant systems
- Collaborate with technical teams to translate system configurations into compliance documentation
- Maintain version control and change management for SSP documentation
Pre-Audit Evidence Gathering and Coordination (35%)
- Coordinate and facilitate pre-audit evidence collection activities across program teams
- Organize and catalog compliance artifacts, policies, procedures, and technical documentation
- Conduct inventory data collection and validation to meet audit minimum requirements
- Support material build-up tasks including evidence packages, control matrices, and compliance dashboards
- Interface with stakeholders to ensure timely submission of required documentation
Compliance Framework Implementation (15%)
- Support implementation of NIST 800-171 controls across organizational enclaves
- Facilitate integration of COREnet SSPs for CMMC inheritance objectives
- Conduct gap analysis between current state and compliance requirements
- Track remediation activities and maintain compliance status reports
- Support continuous monitoring and ongoing compliance validation activities
Stakeholder Collaboration and Reporting (10%)
- Facilitate compliance workshops, walkthroughs, and coordination meetings
- Provide regular status updates to program managers and compliance leadership
- Support internal and external audit activities as compliance liaison
- Develop and maintain compliance metrics, dashboards, and executive reporting
- Coordinate with Information System Security Officers (ISSOs) and System Owners
Work Environment and Physical Requirements
Work Arrangement
- Hybrid position with flexible remote and on-site requirements
Physical Requirements
- Prolonged periods working at a computer workstation
- Ability to participate in virtual and in-person meetings
- Occasional lifting of equipment or materials up to 20 pounds
- Standard office environment with ergonomic workstation setup
Required Qualifications
Education
- Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Business Administration, or related field
- Equivalent combination of education and experience may be considered
Experience
- Minimum 3-5 years of experience in cybersecurity compliance, IT audit, or risk management
- Demonstrated experience with compliance frameworks, preferably NIST 800-171, NIST 800-53, or similar federal standards
- Experience with System Security Plan (SSP) development or documentation
- Proven track record in pre-audit preparation and evidence gathering activities
- Technical Knowledge
- Working knowledge of NIST 800-171 security controls and requirements
- Understanding of cybersecurity principles, risk management, and control frameworks
- Familiarity with federal compliance requirements (FISMA, FedRAMP, CMMC, or similar)
- Experience with compliance documentation tools and systems
Skills and Competencies
- Exceptional written and verbal communication skills
- Strong organizational skills with keen attention to detail
- Ability to manage multiple priorities and deadlines simultaneously
- Collaborative mindset with ability to work across technical and non-technical teams
- Proficiency in Microsoft Office Suite, particularly Excel and Word
- Experience with documentation management systems and collaborative platforms
- Clearance and Citizenship
- U.S. Citizenship required
- Ability to obtain and maintain required security clearances as needed
- Background check and reference verification required
Preferred Qualifications
- Certifications (One or More Highly Desired)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Authorization Professional (CAP)
- Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
- CompTIA Security+
- Certified Internal Auditor (CIA)
- ISO 27001 Lead Auditor or Lead Implementer
Additional Experience
- Direct experience supporting CMMC assessments or certifications
- Experience with COREnet or similar inherited control environments
- Previous work in defense contracting or federal government environments
- Experience with GRC (Governance, Risk, and Compliance) platforms such as Archer, ServiceNow GRC, or similar tools
- Knowledge of DoD supply chain security requirements