CMMC Process Analyst
Job Description
Summary: The CMMC Process Analyst is responsible for maintaining a high degree of support for the management of CUI, enforcing CMMC best practices aligned with processes. Documents processes in accordance with Controlled Unclassified Information, CMMC, NIST 800 and government regulations. Provides companywide support, follows up on cybersecurity bulletins, and coordinates review and fixes accordingly.
Essential Job Duties:
· Technical Support Level 2 (in-depth diagnostics, deep problem-solving to find root causes, system and software configuration, network troubleshooting, and contributing to documentation and projects)
· Maintains proficiency in, comprehensive knowledge of, and the ability to manage Controlled Unclassified Information (CUI) in compliance with applicable regulations
· Proficient/Expert with NIST standards
· Proficient/Expert with CMMC 2.0
· Competent knowledge of systems and cybersecurity
· Assists the Systems and Network Manager with cybersecurity projects and tasks.
· Implements and optimizes programs aligned with NIST SP 800‑171, CMMC, FedRAMP, and other applicable frameworks
· Develops and maintains System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other artifacts for audit readiness
· Performs enterprise-wide risk assessments, vulnerability analyses, threat modeling, and control testing
· Coordinates drafting, revision, and lifecycle management of IT policies, procedures and memos in alignment with NIST SP 800-171 and CMMC requirements
· Maintains compliance dashboards, evidence repositories, and control libraries
· Manages Change Control Board processes and policy change workflows
· Analyzes audit findings and continuous monitoring data to assess impact on CMMC maturity and enterprise cybersecurity effectiveness
· Collaborates with other business lines to ensure that new and existing systems, services, and vendor practices comply with information safeguarding requirements and other organizational requirements
· Ensures organizational policies reflect current regulatory and contractual obligations
· Translates complex technical and compliance information into actionable guidance for non‑technical stakeholders
· Monitors changes in federal cybersecurity laws, standards, and frameworks relevant to CUI protection
· Adheres to internal IT Procedures and suggests improvements if needed
· Responsible for working according to the company’s safety and quality standards
· Maintains a safe and clean work area
· Performs other related duties as required and assigned
Education & Experience:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related discipline
- Must be a U.S. citizen and able to pass a background check
- Minimum of 5 years of proficient/expert-level experience in Cybersecurity, Security Analysis, or a related field
- Industry‑recognized certifications, such as CISM, CASP+, CISSP, CISA, Security+, or other IT credentials demonstrating knowledge management fundamentals, preferred.
- Language Proficiency: All candidates must be fluent in English, with the ability to speak, read, and write at a professional level.