Cybersecurity & Compliance Specialist Level 2

GENCO General Contractors

$70K — $95K *
Aerospace & Defense
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of cybersecurity experience, particularly with CMMC compliance
  • Strong knowledge of NIST 800-171 security controls
  • Experience with Microsoft 365 security tools including Azure AD and Intune
  • Proven ability to manage internal and external audits
  • Excellent documentation skills for compliance and cybersecurity processes

Responsibilities

  • Lead the implementation and maintenance of CMMC Level 2 compliance controls
  • Develop and enforce security policies for data and access management
  • Monitor and respond to cybersecurity threats and incidents
  • Administer Microsoft 365 security features and monitor for vulnerabilities
  • Document all cybersecurity measures and maintain audit evidence
  • Conduct regular employee cybersecurity awareness training

Benefits

  • Hybrid/remote work flexibility
  • Comprehensive healthcare benefits
  • Professional development opportunities
  • Participation in ongoing cybersecurity training programs
  • Collaborative company culture focused on cybersecurity excellence
Full Job Description
Hybrid/Remote

Position Overview

The Cybersecurity & Compliance Specialist will be responsible for designing, implementing, and maintaining the company's cybersecurity program, with a primary focus on continuous compliance with CMMC Level 2 requirements. This role owns the cybersecurity compliance program and ensures the organization remains audit-ready at all times through active controls, updated documentation, and risk mitigation.

Key Responsibilities

1. CMMC Level 2 Compliance (Primary Responsibility)
- Implement and maintain the 110 security controls based on NIST 800-171.
- Maintain all required compliance documentation, including:
- System Security Plan (SSP)
- Policies & Procedures
- POA&M (Plan of Action & Milestones)
- Ensure continuous compliance readiness.
- Lead internal and external audits.
- Serve as the primary point of contact for auditors and cybersecurity consultants.

2. Cybersecurity Management
- Develop and implement security policies related to:
- Access control
- Controlled Unclassified Information (CUI)
- Endpoint protection
- Monitor threats, vulnerabilities, and incidents.
- Implement and maintain:
- Multi-Factor Authentication (MFA)
- Conditional Access Policies
- Data Loss Prevention (DLP)
- Manage incident response activities, including detection, containment, and documentation.

3. Microsoft 365 Security Administration
- Advanced administration of:
- Microsoft Entra ID (Azure AD)
- Intune
- Microsoft Defender
- Security & Compliance Center
- Manage identities, roles, and permissions.
- Monitor and respond to security alerts.
- Harden the Microsoft 365 environment according to CMMC requirements.

4. Governance & Documentation
- Document all cybersecurity processes and controls.
- Maintain organized audit evidence and records.
- Update policies and procedures based on regulatory changes.
- Ensure traceability of actions, decisions, and remediation efforts.

5. Coordination with IT Support (Separate Function)
- Define cybersecurity requirements for technical implementations.
- Validate that IT configurations comply with CMMC standards.

- This position will support but will not be responsible for:
- Daily help desk support
- General IT troubleshooting

6. Security Awareness & Training
- Conduct employee cybersecurity awareness training.
- Lead phishing awareness and data handling initiatives.
- Promote a strong cybersecurity culture across the organization.

Monday - Friday
40 hours

Similar Jobs

More Jobs at GENCO General Contractors

More Aerospace & Defense Jobs

Find similar Cybersecurity & Compliance Specialist Level 2 jobs: