Cybersecurity Compliance Advisory Analyst
Listed on 2026-07-09
-
IT/Tech
Cybersecurity, Information Security
Do you have strong analytical and communication skills, thrive in a collaborative environment, and have an interest in the US Department of Defense, US Military, or Aerospace & Defense industry? We may have the perfect opportunity for you.
As a Cybersecurity Compliance Advisory Analyst I at Sierra Nevada Company, you will be an integral part of our Governance, Risk, and Compliance (GRC) team, ensuring our organization adheres to stringent cybersecurity regulations and standards. The role focuses on cybersecurity compliance advisory, supporting the CMMC 2.0 program, conducting gap analyses, preparing assessments, and translating regulatory frameworks (NIST SP 800‑171, CMMC, DFARS 252.204‑7012) into actionable guidance.
You will also contribute to contract compliance reviews and supply‑chain oversight.
This is an excellent opportunity for an emerging professional to build a specialized foundation in cybersecurity compliance within a mission‑driven, national security environment— with clear pathways for growth and increasing responsibility.
Responsibilities- Support the GRC team in developing and maintaining a unified CMMC 2.0 and DFARS compliance program across the organization.
- Assist in interpreting and translating cybersecurity regulations (NIST SP 800‑171, CMMC 2.0, and DFARS 252.204‑7012) into actionable guidance for internal stakeholders.
- Support gap analyses to identify control deficiencies and assist in developing remediation recommendations.
- Help system owners gather and organize documentation in preparation for internal and external assessments, readiness reviews, and mock assessments.
- Assist in collecting data for continuous monitoring programs and compliance KPIs.
- Research and track evolving cybersecurity regulations, standards, and best practices relevant to the Defense Industrial Base (DIB).
- Assist in reviewing contracts and solicitations to identify applicable cybersecurity requirements and compliance obligations.
- Help ensure procurement and subcontract processes align with DFARS 252.204‑7012, CMMC 2.0, and organizational cybersecurity requirements.
- Support monitoring of supplier and vendor cybersecurity compliance against contractual obligations and regulatory standards.
- Bachelor's degree in a related field.
- 0–2 years in a related role.
- Relevant experience can be considered as a substitute for the required educational qualifications. In the absence of a degree, a minimum of 4 years of related experience is required.
- Basic understanding of cybersecurity principles and practices.
- Familiarity with network security, threat analysis, and incident response.
- Knowledge of data security administration principles, methods, and techniques.
- Familiarity with domain structures, user authentication, and digital signatures.
- Foundational understanding of, or strong desire to learn, NIST SP 800‑171, DFARS 252.204‑7012, and the Cybersecurity Maturity Model Certification (CMMC) 2.0.
- Strong analytical and organizational skills, with keen attention to detail.
- Strong written and verbal communication skills, with the ability to translate complex regulatory requirements into clear, actionable guidance.
- Ability to learn quickly, manage multiple priorities, and work effectively as part of a collaborative team.
- The ability to obtain and maintain a Top Secret U.S. Security Clearance is required.
- Ability to read and interpret security and technical documentation.
- Proven track record of maintaining the confidentiality of high‑sensitivity projects and data.
- Internship or project experience related to cybersecurity compliance, IT audit, or governance, risk, and compliance (GRC).
- Familiarity with contract language, procurement processes, or supply chain concepts within a government contracting environment.
- Familiarity with ISO 9001 or similar quality management frameworks.
- Relevant entry‑level certifications (e.g., CompTIA A+, Network+, Security+) are a plus, but not required.
- Exposure to or academic coursework in federal regulatory frameworks, defense acquisition, or government contracting.
- Prolonged periods sitting at a desk and working on a computer.
- May require…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).