IT Compliance Analyst
Advanced Armor Research Group, LLC - Indian Head, MD
Job Description

Position Title: IT Compliance Analyst
Location: Hybrid Remote. The position is work from home but may require occasional trips to Indian Head, MD
Employment Type: Full-Time
Clearance: Ability to Obtain and Maintain a DoD Secret Clearance
Citizenship: U.S. Citizenship Required

POSITION SUMMARY

We are seeking a knowledgeable, organized, and motivated IT Compliance Analyst to join our team of 23 employees. The primary focus of this role is to lead and support the company's efforts in obtaining and maintaining compliance with the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). In addition, this individual will be responsible for the day-to-day management, maintenance, and security of the organization's computer systems, networks, and software. The ideal candidate will be highly organized, have hands-on experience with CMMC frameworks, a strong understanding of NIST SP 800-171 controls, and the ability to serve as the organization's primary IT resource.

ESSENTIAL DUTIES AND RESPONSIBILITIES

CMMC Compliance (Primary Focus)

- Lead the organization through the CMMC assessment and certification process, including preparation, documentation, and coordination with third-party assessment organizations (C3PAOs).
- Develop, implement, and maintain a System Security Plan (SSP) and Plan of Action and Milestones (POA&M) in accordance with NIST SP 800-171 and CMMC
- Conduct gap analyses to identify deficiencies in current cybersecurity posture relative to CMMC Level 2 (or applicable level) requirements and develop remediation plans.
- Establish and enforce cybersecurity policies, procedures, and practices that align with CMMC domains including Access Control, Incident Response, Risk Management, and System and Communications Protection.
- Manage and maintain Controlled Unclassified Information (CUI) handling procedures, including data marking, storage, transmission, and destruction.
- Serve as the primary point of contact for all CMMC and cybersecurity compliance matters, including audits, assessments, and reporting.
- Deliver cybersecurity awareness training to all employees and ensure ongoing compliance with security policies.
- Monitor and track changes to CMMC requirements, DFARS clauses, and related federal regulations; advise leadership on impacts and necessary actions.

General IT Support & System Administration

- Manage, maintain, and troubleshoot the organization's IT infrastructure, including workstations, network equipment, printers, and peripherals.
- Administer and maintain operating systems, business software, endpoint protection solutions, and productivity tools.
- Implement and manage network security measures including firewalls, VPNs, intrusion detection/prevention systems, and multi-factor authentication.
- Perform regular system backups, disaster recovery planning, and business continuity testing.
- Provide helpdesk support to employees, resolving hardware, software, and connectivity issues in a timely manner.
- Manage user accounts, permissions, and access controls across all systems and platforms.
- Evaluate, recommend, and implement new technologies, hardware, and software to improve operational efficiency and security.
- Maintain IT asset inventory and manage software licensing and
- Coordinate with external vendors and service providers as needed for specialized support or procurement.

REQUIRED QUALIFICATIONS

- U.S. Citizenship (required for DoD security clearance eligibility).
- Ability to obtain and maintain a DoD Secret security clearance.
- Demonstrated experience with CMMC frameworks, NIST SP 800-171, and/or NIST SP 800-53 controls.
- Familiarity with CUI handling requirements and DFARS 252.204-7012 compliance.
- Minimum of 35 years of experience in IT administration, cybersecurity, or a closely related field.
- Strong working knowledge of network administration, system security, and IT infrastructure management.
- Experience developing and maintaining System Security Plans (SSPs), POA&Ms, and cybersecurity policies.
- Proficiency with common security tools and platforms such as SIEM solutions, endpoint detection and response (EDR), vulnerability scanners, and firewall management.
- Excellent problem-solving, communication, and documentation skills.
- Strong organizational skills with the ability to manage multiple priorities, track compliance milestones, and maintain detailed records.

PREFERRED QUALIFICATIONS

- Industry certifications such as CompTIA Security+, CISSP, CISM, CEH, or equivalent.
- Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA) designation.
- Experience supporting CMMC compliance for a small business or defense contractor.
- Experience with Microsoft 365 GCC High or other FedRAMP-authorized cloud environments.
- Prior experience working in or with DoD-affiliated organizations.
- Knowledge of ITAR/EAR export control regulations.
- Experience in or familiarity with accounting principles, financial systems, or business operations.
- Experience in logistics, supply chain management, or inventory control systems.

WORK ENVIRONMENT & CONDITIONS

- This is a hybrid remote position that is primarily work from home, but may occasionally require travel to Indian Head, Maryland. The company is headquartered in Fredericksburg, Virginia, but any travel will likely be to Indian Head, MD.
- Some tasks related to CMMC compliance and system administration may occasionally require on-site presence or travel to the company's location.
- Standard office environment; may occasionally require work outside normal business hours to address urgent IT issues or system maintenance windows.
- May require occasional travel for training, assessments, or vendor

COMPENSATION & BENEFITS

The salary range for this position is $75,000 to $90,000 annually, commensurate with experience and qualifications. Benefits include:

- Paid Time Off (PTO)
- Health insurance
- Dental insurance
- Vision insurance
- Life insurance
- 401(k) retirement plan with company matching

Equal Opportunity Employer

This organization is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Created: 2026-03-17