Cybersecurity Compliance Analyst (NIST 800-53)

Remote: Hybrid
Contract:
Work from: Richmond (US)

Offer summary

Qualifications:

  • 1-3 years of experience in IT or cybersecurity, including internships or co-ops.
  • Knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 controls.
  • Strong writing and documentation skills, with experience in Microsoft Office.
  • Basic understanding of GRC platforms, preferably ServiceNow GRC.

Key responsibilities:

  • Assist in drafting and updating security documentation and compliance artifacts.
  • Perform control assessments and gather supporting evidence.
  • Track security findings and action items using GRC tools like ServiceNow.
  • Collaborate with team members and stakeholders to ensure compliance and prepare reports.

Dragonfli Group TPE https://www.dragonfligroup.com/
11 - 50 Employees

Job description

Description

About Dragonfli Group


The Dragonfli Group is a small business headquartered in Washington, DC, providing cybersecurity and IT consulting services to U.S. government agencies and large commercial enterprises. Our professionals support mission-critical contracts across security operations, compliance, risk management, and cloud governance.


Position Overview


We are seeking a Junior Cybersecurity Analyst to join a compliance and governance team in support of a large enterprise customer located in Richmond, Virginia. The selected candidate will work onsite alongside a Senior NIST Consultant and contribute to the development and maintenance of system security documentation and compliance processes aligned with NIST 800-53.

This is an excellent opportunity for someone early in their cybersecurity career who wants to build real-world experience with risk management frameworks, security documentation, and GRC tools like ServiceNow GRC.


Key Responsibilities


  • Assist in drafting and updating System Security Plans (SSPs), POA&Ms, and other compliance artifacts
  • Perform control assessments and collect supporting documentation
  • Track security findings and action items using ServiceNow GRC
  • Coordinate with system owners and stakeholders to obtain required evidence
  • Support the development of status reports, dashboards, and project documentation
  • Collaborate with senior consultants on deliverables and analysis
  • Participate in internal quality assurance reviews for compliance submissions

Requirements

Required Qualifications


  • 1–3 years of experience in IT or cybersecurity (internships or co-ops acceptable)
  • 1-3 years of experience with NIST Risk Management Framework (RMF) and NIST 800-53 controls
  • Strong writing and documentation skills
  • Experience working in Microsoft Office (especially Word and Excel)
  • Basic understanding of GRC platforms (ServiceNow GRC preferred, but not required)
  • Ability to work onsite in Richmond, VA


Preferred Qualifications

  • Coursework or certification in cybersecurity, information assurance, or compliance
  • Security+ or other entry-level cybersecurity certification
  • Exposure to federal or public sector IT environments
  • Strong interpersonal skills and desire to learn in a team setting


Additional Requirements


  • Must be legally authorized to work in the United States
  • Must currently reside within a 50-mile radius of Richmond, VA

Benefits

Insurance (Health, Dental, Vision)

PTO and Federal Holidays

401(k) Retirement Plan


Required profile

Experience

Spoken language(s):
English

Other Skills

  • Microsoft Office
  • Social Skills
  • Writing
  • Teamwork
