ResponsibilitiesThis role serves as a key contributor to the company's federal cybersecurity compliance program by leading assessment readiness efforts, administering compliance operations, and ensuring alignment with contractual and regulatory requirements, including CMMC and NIST SP 800-171.
The Senior Compliance Specialist partners closely with Compliance, IT/Security, Legal/Contracts, and project teams to maintain a mature, audit-ready compliance program. This role requires strong organizational, analytical, and communication skills, along with the ability to independently manage complex compliance activities, drive process improvements, and support enterprise-wide readiness initiatives.
Responsibilities and Essential Duties include the following (other duties may be assigned):
Compliance Program Administration- Lead administration and maintenance of the CMMC assessment inventory log, including systems, assets, control owners, evidence status, remediation tracking, and audit documentation
- Ensure compliance records and supporting documentation are complete, accurate, current, and audit-ready
- Oversee centralized compliance documentation repositories, including evidence inventories, trackers, version logs, and status reports
- Monitor compliance deadlines, remediation activities, and outstanding action items to support ongoing assessment readiness
- Identify process gaps and recommend improvements to strengthen documentation accuracy, consistency, and operational efficiency
Assessment & Audit Readiness- Coordinate and support internal and external cybersecurity assessments, audits, and readiness reviews
- Lead collection, organization, and validation of required evidence and compliance documentation
- Review submissions for completeness, consistency, and alignment with contractual and regulatory requirements
- Track remediation plans, corrective actions, and progress through resolution while escalating risks or delays as appropriate
- Prepare and present readiness summaries, compliance metrics, dashboards, and status updates for leadership and stakeholders
Contract & Regulatory Compliance- Review contracts and client requirements related to federal cybersecurity compliance obligations
- Assist in interpreting and tracking requirements associated with CMMC, NIST SP 800-171, and related federal cybersecurity standards
- Ensure required documentation and records are maintained to support contractual compliance obligations and audit readiness
- Partner with internal stakeholders to identify, escalate, and resolve compliance gaps, inconsistencies, or missing documentation
Cross-Functional Coordination- Collaborate with IT/Security teams to maintain accurate system, asset, and control documentation
- Coordinate with Compliance, Legal/Contracts, Procurement, and project teams to support enterprise compliance initiatives
- Serve as a resource to internal stakeholders regarding compliance documentation requirements, processes, and best practices
- Facilitate meetings, working sessions, follow-up communications, and action item tracking across multiple teams
Process Improvement & Training Support- Lead efforts to develop, enhance, and maintain standard operating procedures, templates, workflows, and compliance checklists
- Support and coordinate training initiatives related to cybersecurity compliance documentation and readiness activities
- Promote consistent documentation standards, version control, and record retention practices across departments
- Recommend and implement process improvements to increase efficiency, accountability, and compliance readiness
Reporting & Documentation Management- Serve as the primary coordinator and system administrator for compliance tracking and assessment inventory records
- Validate updates across departments and maintain traceability and integrity of compliance documentation
- Generate recurring and ad hoc reports related to compliance status, assessment readiness, remediation activities, and outstanding risks
- Analyze trends and metrics to support leadership decision-making and continuous improvement initiatives
Education - Skills - Knowledge - Qualifications & Experience- Bachelor's degree in business, information systems, cybersecurity, compliance, or related field preferred
- Minimum of 7 years of experience in compliance, audit, risk management, IT, cybersecurity, federal contracting, or a regulated program environment
- Experience supporting or coordinating cybersecurity compliance programs, audit readiness activities, or documentation control processes
- Working knowledge of CMMC, NIST SP 800-171, DFARS, or related federal cybersecurity requirements preferred
- Strong analytical, organizational, and problem-solving skills with exceptional attention to detail
- Ability to independently manage multiple priorities, deadlines, and cross-functional initiatives
- Excellent written and verbal communication skills with the ability to effectively interact with technical and non-technical stakeholders
- Advanced proficiency in Microsoft Office Suite, including Excel, Word, Teams, and reporting tools
- Experience with compliance management systems, documentation repositories, or workflow tracking tools preferred
- Ability to maintain confidentiality, exercise sound judgment, and operate with a high level of professionalism
The above description covers the principal duties and responsibilities of the job. The description shall not, however, be construed as a complete listing of all miscellaneous, incidental, or similar duties which may be required from day-to-day. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
