Copy of Cybersecurity Compliance Analyst – ISO Audit Support

Description

Centex Technologies seeks a skilled Cybersecurity Compliance Analyst to augment ISO audit operations across multiple program enclaves.

This hybrid position focuses on pre-audit preparation, evidence gathering, compliance documentation, and collaborative support for organizations pursuing NIST 800-171 and CMMC certification objectives.

The ideal candidate will serve as a compliance facilitator, data coordinator, and documentation specialist rather than a traditional system administrator.

This role supports mission-critical systems through meticulous attention to compliance frameworks, with particular emphasis on NIST 800-171 requirements and forward integration of COREnet System Security Plans (SSPs) for CMMC inheritance.

Essential Duties and Responsibilities

Primary Responsibilities

System Security Plan (SSP) Development and Documentation (40%)

• Draft, review, and update System Security Plans (SSPs) for multiple program enclaves
• Ensure SSP accuracy, completeness, and alignment with NIST 800-171 requirements
• Support service boundary definition and clarity updates across tenant systems
• Collaborate with technical teams to translate system configurations into compliance documentation
• Maintain version control and change management for SSP documentation

Pre-Audit Evidence Gathering and Coordination (35%)

• Coordinate and facilitate pre-audit evidence collection activities across program teams
• Organize and catalog compliance artifacts, policies, procedures, and technical documentation
• Conduct inventory data collection and validation to meet audit minimum requirements
• Support material build-up tasks including evidence packages, control matrices, and compliance dashboards
• Interface with stakeholders to ensure timely submission of required documentation

Compliance Framework Implementation (15%)

• Support implementation of NIST 800-171 controls across organizational enclaves
• Facilitate integration of COREnet SSPs for CMMC inheritance objectives
• Conduct gap analysis between current state and compliance requirements
• Track remediation activities and maintain compliance status reports
• Support continuous monitoring and ongoing compliance validation activities

Stakeholder Collaboration and Reporting (10%)

• Facilitate compliance workshops, walkthroughs, and coordination meetings
• Provide regular status updates to program managers and compliance leadership
• Support internal and external audit activities as compliance liaison
• Develop and maintain compliance metrics, dashboards, and executive reporting
• Coordinate with Information System Security Officers (ISSOs) and System Owners

Work Environment and Physical Requirements

Work Arrangement

• Hybrid position with flexible remote and on-site requirements

Physical Requirements

• Prolonged periods working at a computer workstation
• Ability to participate in virtual and in-person meetings
• Occasional lifting of equipment or materials up to 20 pounds
• Standard office environment with ergonomic workstation setup

Requirements

Required Qualifications

Education

• Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Business Administration, or related field
• Equivalent combination of education and experience may be considered

Experience

• Minimum 3-5 years of experience in cybersecurity compliance, IT audit, or risk management
• Demonstrated experience with compliance frameworks, preferably NIST 800-171, NIST 800-53, or similar federal standards
• Experience with System Security Plan (SSP) development or documentation
• Proven track record in pre-audit preparation and evidence gathering activities
• Technical Knowledge
• Working knowledge of NIST 800-171 security controls and requirements
• Understanding of cybersecurity principles, risk management, and control frameworks
• Familiarity with federal compliance requirements (FISMA, FedRAMP, CMMC, or similar)
• Experience with compliance documentation tools and systems

Skills and Competencies

• Exceptional written and verbal communication skills
• Strong organizational skills with keen attention to detail
• Ability to manage multiple priorities and deadlines simultaneously
• Collaborative mindset with ability to work across technical and non-technical teams
• Proficiency in Microsoft Office Suite, particularly Excel and Word
• Experience with documentation management systems and collaborative platforms
• Clearance and Citizenship
• U.S. Citizenship required
• Ability to obtain and maintain required security clearances as needed
• Background check and reference verification required

Preferred Qualifications

• Certifications (One or More Highly Desired)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Authorization Professional (CAP)
• Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
• CompTIA Security+
• Certified Internal Auditor (CIA)
• ISO 27001 Lead Auditor or Lead Implementer

Additional Experience

• Direct experience supporting CMMC assessments or certifications
• Experience with COREnet or similar inherited control environments
• Previous work in defense contracting or federal government environments
• Experience with GRC (Governance, Risk, and Compliance) platforms such as Archer, ServiceNow GRC, or similar tools
• Knowledge of DoD supply chain security requirements