Compliance Engineer

About The Position

Requirements

• A Bachelors degree is required for this position in cybersecurity of related field.
• 5+ years of experience in cybersecurity and/or information compliance, information assurance, data governance, or a related engineering discipline
• Demonstrated working knowledge of CMMC 2.0 (Level 2 preferred), NIST SP 800-171, NIST SP 800-53, and ISO 27001
• Experience developing or maintaining compliance documentation including SSPs, POA&Ms, control matrices, and information classification frameworks
• Familiarity with cloud platforms (Microsoft 365, Azure) and associated compliance configurations, including Purview, Defender, Conditional Access, and data loss prevention (DLP) tooling
• Understanding of information lifecycle management including data classification, retention, and disposition requirements in a federal or defense context
• Strong written and verbal communication skills with the ability to present technical and compliance findings to non-technical stakeholders
• Ability to obtain and maintain a Secret level clearance

Nice To Haves

• Certifications such as CISSP, CISM, CIPP, CompTIA Security+, CCSP, or ISO 27001 Lead Auditor/Implementer
• Experience working in a defense contractor or national security environment
• Familiarity with GCC High or DoD IL environments
• Experience supporting DFARS 252.204-7012 and CUI program compliance requirements
• Knowledge of NARA records management requirements or federal information management policy
• Hands-on experience with GRC and compliance automation platforms such as Vanta, Drata, Tugboat Logic, or similar tools, including evidence collection, control mapping, and audit readiness workflows

Responsibilities

• Lead and support compliance activities across CMMC 2.0, NIST SP 800-171, NIST SP 800-53, and ISO 27001 frameworks, ensuring alignment with organizational security and information governance policies and contractual obligations
• Assess, document, and remediate gaps in technical and administrative controls across enterprise systems, cloud environments, and end-user infrastructure
• Develop and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), risk registers, information classification schemas, and other compliance artifacts
• Support the preparation and execution of internal and third-party audits, including C3PAO assessments and ISO 27001 certification audits
• Collaborate with IT, operations, and program delivery teams to embed compliance requirements into system design, configuration management, information handling procedures, and change control processes
• Provide guidance on CUI (Controlled Unclassified Information) handling, data classification, records management, and information system boundary definition
• Support the development and enforcement of information governance policies including data retention, disposal, access controls, and acceptable use
• Own and operate GRC/compliance automation platforms such as Vanta, including evidence collection, control mapping, integration configuration, and audit readiness workflows
• Monitor regulatory and policy developments across both cybersecurity and information management domains, assessing impact to current compliance posture and recommending proactive adjustments
• Support vendor and subcontractor compliance reviews, including information handling requirements and flow-down obligations