
CMMC Continuous Compliance Analyst

Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent experience
  • Three to six years of experience supporting cybersecurity compliance, governance, risk and compliance (GRC), IT audit, or technical security
  • Working knowledge of CMMC, NIST SP 800-171, or comparable cybersecurity compliance frameworks
  • Strong analytical, organizational, documentation, and written communication skills

Roles & Responsibilities

  • Review, maintain, and improve CMMC documentation, including policies and procedures
  • Perform ongoing compliance reviews against CMMC and NIST SP 800-171 requirements
  • Collect, organize, validate, and maintain compliance evidence from various sources
  • Partner with stakeholders to validate control implementation and support remediation efforts

Job description

Position Summary


We are seeking a CMMC Continuous Compliance Analyst to support ongoing cybersecurity compliance, audit readiness, and control validation across our environment. This role will review and maintain CMMC-related documentation, evaluate technical control implementation, collect and validate evidence, and perform continuous monitoring to ensure that our systems, processes, and security practices remain aligned with CMMC and NIST SP 800-171 requirements.

The ideal candidate has a blend of technical cybersecurity knowledge, documentation discipline, analytical thinking, and the ability to work with infrastructure, security, compliance, and business teams. This is not a purely administrative compliance role. The person in this position must be able to understand technical environments, ask good control-validation questions, identify gaps, and help drive remediation tracking.


Key Responsibilities

  • Review, maintain, and improve CMMC documentation, including the System Security Plan (SSP), policies, procedures, control narratives, evidence repositories, and Plans of Action and Milestones (POA&Ms).
  • Perform ongoing compliance reviews against CMMC and NIST SP 800-171 requirements, validating that documented controls align with actual technical and operational implementation.
  • Collect, organize, validate, and maintain compliance evidence from systems, logs, tickets, vulnerability reports, access reviews, training records, and other supporting sources to ensure audit readiness.
  • Partner with infrastructure, security, system owners, and business stakeholders to validate control implementation, identify compliance gaps, and support remediation efforts.
  • Track findings, POA&Ms, remediation activities, control exceptions, and risk acceptance decisions through resolution.
  • Review technical configurations and security tooling related to areas such as identity and access management, multifactor authentication, vulnerability management, endpoint protection, logging, configuration management, asset inventory, backups, incident response, and network security.
  • Support internal readiness assessments, external CMMC assessments, and continuous monitoring activities by maintaining accurate documentation and repeatable compliance processes.
  • Prepare compliance metrics, status reports, dashboards, and executive summaries that communicate compliance posture, audit readiness, remediation progress, and organizational risk.

Compensation


The salary range for this position is $110,000 to $130,000 annually, with a target midpoint of $120,000. Actual compensation will be determined based on experience, qualifications, certifications, and geographic location. Avum offers a comprehensive benefits package including medical (Cigna), dental and vision (Principal), 401(k), PTO, education reimbursement, and certification reimbursement.


Work Environment & Requirements

  • Hybrid/remote work environment with potential on-site requirements based on contract needs
  • U.S. citizenship required
  • Security clearance: Active Secret clearance required or ability to obtain
  • Background check required

Equal Employment Opportunity


Avum, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected class under federal, state, or local law. Avum is committed to compliance with Section 503 of the Rehabilitation Act and VEVRAA, and maintains an active Affirmative Action Plan.

Requirements


Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or an equivalent combination of education and experience.
  • Three to six years of experience supporting cybersecurity compliance, governance, risk and compliance (GRC), IT audit, security operations, infrastructure operations, or a related technical security function.
  • Working knowledge of CMMC, NIST SP 800-171, or comparable cybersecurity compliance frameworks.
  • Ability to interpret security control requirements and translate them into practical validation activities, evidence collection, and remediation recommendations.
  • Understanding of core cybersecurity concepts including identity and access management, multifactor authentication, endpoint security, vulnerability management, logging, network security, asset management, backups, change management, and incident response.
  • Experience reviewing technical evidence and determining whether security controls are operating effectively.
  • Ability to collaborate with technical and business teams to investigate compliance gaps, coordinate remediation activities, and support audit readiness.
  • Strong analytical, organizational, documentation, and written communication skills with the ability to manage multiple priorities and deadlines.


Preferred Qualifications

  • Experience supporting CMMC certification efforts, NIST SP 800-171 compliance, DFARS 252.204-7012 requirements, SPRS scoring, SSP development, POA&M management, or C3PAO assessments.
  • Experience performing internal audits, security control testing, gap assessments, continuous monitoring, or compliance reviews.
  • Experience using GRC platforms, ticketing systems, vulnerability management tools, SIEM solutions, endpoint security platforms, cloud environments, or configuration management tools.
  • Familiarity with enterprise technologies such as Microsoft 365, Azure, AWS, Windows Server, Active Directory, Entra ID, Linux, networking, firewalls, endpoint detection and response (EDR), and vulnerability scanning tools.
  • Industry certifications such as Security+, CISA, CISSP, CISM, CCP, CCA, or comparable cybersecurity or compliance certifications.
