CMMC Compliance Analyst

November 27

⚔️ Virginia – Remote

Although this job is listed in Virginia, this company may be open to hiring remote in other states.

💵 $120k - $150k / year

⏰ Full Time

🟢 Junior

🟡 Mid-level

🚔 Compliance

Apply Now

Receive Emails with Similar Jobs

Sentinel Blue

WebsiteLinkedInAll Job Openings

Cybersecurity • Compliance • Government

Sentinel Blue is a cybersecurity services firm based in Warrenton, VA, offering comprehensive cybersecurity solutions tailored to small and medium-sized businesses. The company specializes in fully managed cybersecurity services, compliance advisory, and Gov Cloud solutions, ensuring organizations are protected and compliant with industry standards. Utilizing best-in-class technologies like Microsoft Sentinel, Azure Government, and Zero Trust frameworks, Sentinel Blue provides services such as virtual CISO and CIO roles, security operations centers, and extended detection and response. The company is committed to enhancing its clients' cybersecurity maturity and regulatory compliance, particularly focusing on CMMC and risk assessments. Sentinel Blue prides itself on its core values of emerging technology leadership, excellence, and a client-centric approach.

11 - 50 employees

🔒 Cybersecurity

📋 Compliance

🏛️ Government

📋 Description

• Conduct compliance assessments, review technical configurations against control objectives, draft or refine policies and procedures, update POA&Ms, and prepare documentation for audit readiness. • Participate in client interviews, evidence collection, and gap analysis exercises to determine compliance posture and remediation needs. • Work closely with the IT Operations, Security Operations, and PMO teams to align technical practices with regulatory requirements and improve overall compliance posture. • Shadow technical teams, learn new frameworks (such as NIST 800-53), and grow into more advanced compliance and advisory roles. • Receive, triage, and analyze compliance-related requests, documentation, and assessment findings, and work to resolve issues through research, evidence collection, and stakeholder coordination. • Support the development and maintenance of System Security Plans (SSPs), POA&Ms, policy sets, procedures, and control documentation across client environments. • Review client technical configurations (e.g., access controls, logging, encryption, segmentation, backup strategies) against NIST/CMMC compliance objectives and document gaps or remediation actions. • Communicate with clients through email, chat, meetings, and interviews to gather evidence, clarify processes, and maintain progress visibility on compliance deliverables. • Assist in the management, implementation, and validation of compliance controls across CMMC, NIST 800-171, and/or DFARS 7012. • Contribute to internal compliance documentation templates, client-facing guidance materials, and evidence repositories that streamline audit readiness. • Support the creation of compliance reports, risk assessments, briefs, and executive presentations that translate findings into clear business narrative.

🎯 Requirements

• U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance. • 2-5 years of experience in information security, IT compliance, cybersecurity auditing, GRC, or similar roles. • Practical experience working with CMMC, NIST 800-171, NIST 800-53, DFARS 7012, or NIST RMF in a professional environment. • Demonstrated ability to lead and make decisions on compliance-related matters, including interpreting control intent, assessing evidence, and determining whether control requirements have been met. • Experience reviewing and developing policies, procedures, SSPs, POA&Ms, risk assessments, or similar compliance documentation. • Working knowledge of technical environments such as IAM, endpoint protection, logging/monitoring, vulnerability management, segmentation, and backup/recovery strategies. • Strong written and verbal communication skills, especially when translating technical information into actionable compliance guidance. • Ability to work independently, manage multiple client tasks, and follow structured workflows to drive compliance activities to timely completion. • CompTIA Security+ certification is required in the first 2 months of hire

🏖️ Benefits

• Fully paid individual healthcare, vision and dental insurance for the employee. • Paid certification and training opportunities. • Three weeks of paid vacation + 10 paid holidays. • A supportive environment with a focus on keeping healthy work-life balance. • Retirement benefit (401k) with company match.