CMMC Continuous Compliance Analyst

Jobgether·Lever
United States · Full-time · Posted Jul 1, 2026

This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for a CMMC Continuous Compliance Analyst based in the United States.

This role is a hands-on cybersecurity compliance position focused on maintaining continuous alignment with CMMC and NIST SP 800-171 requirements in a dynamic technical environment. You will play a key role in ensuring security controls are not only documented but actively implemented, validated, and continuously monitored across systems and infrastructure.
The position bridges cybersecurity, governance, and technical operations, requiring close collaboration with infrastructure, security engineering, and business stakeholders.
You will be responsible for maintaining audit-ready documentation, validating control effectiveness, and ensuring evidence integrity across multiple security domains.
The role is both analytical and technical, requiring the ability to interpret security frameworks and translate them into real-world validation and remediation actions.
You will also contribute to risk visibility by tracking POA&Ms, compliance gaps, and remediation progress across the organization.
This is an excellent opportunity for a detail-oriented compliance professional who is comfortable working in technical environments and driving measurable security outcomes.

Accountabilities

In this role, you will ensure continuous compliance readiness, control validation, and accurate documentation across CMMC-aligned security frameworks:

• Maintain and enhance CMMC and NIST SP 800-171 documentation, including SSPs, policies, procedures, and POA&Ms.
• Perform continuous control validation to ensure documented security measures match real-world technical implementations.
• Collect, organize, and validate compliance evidence from systems, logs, vulnerability scans, access reviews, and security tools.
• Collaborate with infrastructure, security, and system owners to identify compliance gaps and support remediation efforts.
• Track and manage POA&Ms, risk acceptance decisions, findings, and remediation activities through resolution.
• Review technical security configurations across IAM, MFA, endpoint protection, logging, vulnerability management, and network security.
• Support internal and external audit readiness activities, including CMMC assessments and continuous monitoring programs.
• Prepare compliance dashboards, metrics, and reports for leadership and audit stakeholders.
• Ensure consistency and accuracy in documentation repositories and compliance tracking systems.
• Participate in continuous improvement of compliance processes, evidence collection, and validation workflows.

Requirements

The ideal candidate combines cybersecurity knowledge with strong compliance, analytical, and technical validation skills:

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• 3–6 years of experience in cybersecurity compliance, GRC, IT audit, security operations, or infrastructure security.
• Working knowledge of CMMC, NIST SP 800-171, or similar cybersecurity frameworks.
• Ability to interpret security controls and translate them into validation, evidence collection, and remediation tasks.
• Strong understanding of core security domains including IAM, MFA, endpoint security, vulnerability management, logging, and incident response.
• Experience reviewing technical evidence to assess control effectiveness and compliance status.
• Ability to collaborate with technical teams to investigate gaps and drive remediation efforts.
• Strong analytical, documentation, and organizational skills with attention to detail.
• Experience with audit readiness, internal assessments, or continuous monitoring programs is highly valued.
• Familiarity with GRC tools, SIEM platforms, vulnerability scanners, and enterprise environments (Azure, AWS, Active Directory, etc.) is a plus.
• Relevant certifications (Security+, CISA, CISSP, CISM, or similar) are preferred.
• Strong communication skills with the ability to report clearly on compliance posture and risk.

Benefits

• Competitive salary range: $110,000 – $130,000 annually (target midpoint $120,000).
• Comprehensive medical, dental, and vision insurance coverage.
• 401(k) retirement plan.
• Paid time off and flexible work arrangements (remote/hybrid).
• Education and certification reimbursement programs.
• Opportunity to work on mission-critical cybersecurity compliance initiatives.
• Exposure to CMMC certification and federal compliance frameworks.
• Supportive environment focused on professional growth and continuous learning.

How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
