We are seeking a skilled Senior Security Compliance Auditor to join our dynamic team and assess compliance to NIST 800-171, NIST 800-53, and CMMC standards. This role involves evaluating our security controls, identifying areas of improvement, working with cross-functional teams to enhance our security posture, and participating in external audit and certifications.
Responsibilities
Conduct comprehensive audits of security controls in accordance with NIST 800-171, NIST 800-53, and CMMC guidelines.
Evaluate the effectiveness of security measures and identify areas for improvement.
Ensure ongoing compliance with federal and industry standards.
Develop and maintain documentation related to compliance activities and findings.
Provide recommendations for risk mitigation and control enhancements.
Assist in the development and implementation of security policies and procedures aligned with regulatory requirements.
Support the lifecycle management of compliance-related documentation.
Conduct training sessions to raise awareness about compliance requirements and best practices.
Stay updated on the latest developments in NIST and CMMC standards.
Work closely with cross-functional stakeholders across various departments such as IT, Engineering, HR, Legal to address compliance gaps.
Communicate audit results and recommendations to stakeholders and senior management.
Minimum Qualifications
A bachelor's degree and 6 years of professional work experience (or a master's degree and 3 years of professional work experience, or a PhD degree, or equivalent experience) is required.
Candidates for this position must be authorized to work in the United States on a full-time basis for any employer without restriction.
Visa sponsorship will not be provided for this position.
Additional Qualifications
Strong knowledge of software development processes, on-prem and cloud-based infrastructure, cybersecurity, network security, risk management, application security, and third-party management.
Proven experience in security compliance auditing and cybersecurity frameworks, particularly with NIST 800-171, NIST 800-53, and CMMC.
Excellent analytical, problem-solving, and communication skills, with a demonstrated ability to collaborate across teams and roles.
Relevant certifications such as CISA, CISSP, or CMMC-AB Assessor are preferred.
