ASRC

Senior Cybersecurity Compliance Analyst

ASRC$100K — $130K *
US-AnywhereRemote in Myrtle Point, OR
Aerospace & Defense
5 - 7 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • Bachelor's degree in cybersecurity, information systems, or related field (or equivalent experience).
  • 7+ years of relevant cybersecurity compliance or risk management experience; 5+ years with a Master's degree in Cybersecurity.
  • Hands-on experience with CMMC Level 2 controls, NIST SP 800-171, NIST SP 800-161, and NIST SP 800-53.
  • Strong understanding of Risk Management Framework (RMF).
  • Proficiency in preparing SSPs, POA&Ms, and audit evidence.
  • Ability to communicate complex requirements clearly with cross-functional teams.
  • U.S. citizenship required; security clearance may be required based on contract.

Responsibilities

  • Lead CMMC Level 2 compliance efforts and readiness certifications.
  • Conduct gap assessments and develop control validation documentation.
  • Oversee compliance with NIST SP 800-171 for Controlled Unclassified Information.
  • Implement Cybersecurity Supply Chain Risk Management (C-SCRM) requirements.
  • Support compliance with NIST 800-53 security and privacy controls at the enterprise level.
  • Prepare compliance reports, dashboards, and audit coordination.
  • Serve as a subject matter expert on cybersecurity compliance frameworks and governance.

Benefits

  • Health care, dental, and vision insurance.
  • Life insurance and 401(k) plan.
  • Education assistance for continuous learning.
  • Paid time off including PTO, holidays, and required leave.
  • Competitive pay and benefits packages.
Full Job Description
ASRC Federal is looking for detail-oriented and motivated Senior Cybersecurity Compliance Analyst to join our team in a government contracting (GovCon) environment. This is a full-timeremote position with occasional on-site support (Beltsville, MD or Reston, VA).

The Senior Cybersecurity Compliance Analyst is responsible for leading, managing, and executing compliance activities aligned to CMMC Level 2, NIST SP 800-171, NIST SP 800-161, and NIST SP 800-53. This role will support enterprise cybersecurity, audit readiness, risk assessments, POA&M management, continuous monitoring, and the implementation of required security controls across systems, vendors, and business units.

The ideal candidate will bring deep expertise in federal cybersecurity frameworks, strong analytical skills, and the ability to collaborate with technical and non-technical stakeholders to ensure robust compliance.

Key Responsibilities
  • CMMC Level 2 Compliance:
    • Lead the organization's readiness efforts toward achieving and maintaining CMMC Level 2 certification.
    • Perform gap assessments, evidence collection, control validation, and SSP/POA&M development.
    • Coordinate with internal engineering teams and external assessors during CMMC audits.
  • NIST SP 800-171:
    • Oversee compliance with DFARS 252.204-7012 and NIST 800-171 requirements for protecting Controlled Unclassified Information (CUI).
    • Maintain and update System Security Plans (SSPs) and associated security documentation.
    • Manage risk assessments, incident response requirements, and continuous monitoring activities.
  • NIST SP 800-161 (Supply Chain Risk Management):
    • Implement and monitor Cybersecurity Supply Chain Risk Management (C-SCRM) requirements.
    • Assess vendor cybersecurity posture, conduct supplier assessments, and support acquisition security requirements.
    • Develop processes to track, evaluate, and mitigate supply chain-related risks.
  • NIST SP 800-53:
    • Support enterprise-level compliance with NIST 800-53 security and privacy controls.
    • Assist in RMF activities including categorization, control selection, control assessments, and continuous monitoring.
    • Work with system owners to remediate findings and ensure controls are implemented effectively.

General Responsibilities
  • Collaborate with engineering, IT, procurement, legal, and executive teams to ensure compliance alignment across the organization.
  • Prepare compliance reports, dashboards, and metrics for leadership.
  • Lead internal audits and coordinate external audits.
  • Serve as a subject matter expert on cybersecurity compliance frameworks and best practices.
  • Improve and mature enterprise cybersecurity governance processes, policies, and procedures.

Required Qualifications
  • Bachelor's degree in cybersecurity, information systems, or related field (or equivalent experience).
  • 7+ years of relevant cybersecurity compliance or risk management experience. 5+ years of experience with a Master's degree in Cybersecurity.
  • Hands-on experience implementing: CMMC Level 2 controls, NIST SP 800-171, NIST SP 800-161, NIST SP 800-53.
  • Strong understanding of Risk Management Framework (RMF).
  • Experience preparing SSPs, POA&Ms, security documentation, and audit evidence.
  • Ability to work with cross-functional teams and communicate complex requirements clearly.
  • U.S. citizenship required; ability to obtain and maintain a security clearance may be required depending on contract.

Preferred Qualifications
  • Industry certifications (one or more): CISSP, CISM, CRISC, CAP, CCAK, or CMMC Certified Professional/Assessor.
  • Experience supporting DoD, federal agencies, or defense contractors.
  • Familiarity with FedRAMP, DFARS, SCF, or ISO 27001 frameworks.
  • Experience with continuous monitoring technologies and GRC tools (e.g., Archer, ServiceNow, eMASS).

Additional Information
  • Reports to: Cybersecurity Governance, Risk & Compliance Leadership
  • Travel: Minimal (0-10%)
  • Clearance: Secret clearance preferred but not required; may be required based on project needs.

We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.

About ASRC

Arctic Slope Regional Corporation (ASRC) is an Alaska Native corporation that was established in 1972 under the Alaska Native Claims Settlement Act (ANCSA). The company is owned by approximately 13,000 Iñupiat shareholders who live primarily in eight villages on Alaska's North Slope. ASRC is a diversified company with subsidiaries involved in oil and gas exploration and production, government services, construction, and resource development. The company has a strong commitment to sustainability and environmental stewardship, and has implemented a number of initiatives to reduce its environmental impact.
Learn more about ASRC
Size
3,500 employees
Industry
Real Estate & Construction
Founded
2003
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at ASRC

More Aerospace & Defense Jobs

Find similar Senior Cybersecurity Compliance Analyst jobs:

NationwideRemote