Compliance Analyst

About the Role:

Ideal for IT Support or System Admin professionals looking to transition into cybersecurity and compliance. No prior compliance experience required training will be provided.

This is an entry-level to junior role designed for IT professionals looking to transition into cybersecurity and compliance. The Compliance Analyst will receive training and hands-on experience supporting CMMC compliance programs for Department of Defense contractors, including implementation, audit readiness, and ongoing compliance sustainment.

What You'll Learn in This Role:

• CMMC (Cybersecurity Maturity Model Certification) framework
• NIST SP 800-171 security controls
• How to prepare organizations for compliance audits
• How to manage compliance documentation (SSPs, POA&Ms, policies)
• Security best practices in Microsoft GCC / GCC High environments
• Real-world cybersecurity operations in regulated environments

Key Responsibilities and Duties:

• Assist in developing and customizing policies, procedures and other supporting documentation for clients
• Work closely with Compliance Managers and leadership to implement CMMC compliance requirements across several clients simultaneously
• Assist with client audits and assessments by providing documentation and evidence to third party auditors
• Review and validate client-provided evidence to ensure audit readiness and alignment with CMMC requirements
• Assist in reviewing configurations in Microsoft 365 GCC/GCC High and other platforms to confirm alignment with documentation
• Execute and track ongoing compliance activities to ensure continuous adherence to CMMC requirements post-assessment
• Assist with Project Management responsibilities including facilitating meetings, calls and supporting notes and activities
• Support delivery of OSIbeyond’s Compliance as a Service (CaaS) model, ensuring clients maintain continuous compliance rather than point-in-time certification
• Work within Microsoft 365 GCC / GCC High environments to validate secure configurations aligned with CMMC controls
• Other duties as assigned

Security Responsibilities

• Complete required training and maintain awareness of cybersecurity risks including insider threats and handling of regulated data.
• Treat company and client data as confidential and follow all applicable security and information protection policies.
• Follow cybersecurity procedures outlined in company policies and the employee handbook.
• Immediately report and follow incident response procedures for any suspected security incidents.

Job Qualifications:

• 1–3 years of IT Support, Helpdesk, or System Administration experience
• Existing Helpdesk, System Administration or Managed IT experience including knowledge of Microsoft 365 / Entra ID and Intune
• Familiarity with common security tools including EDR / Antivirus, Vulnerability Scanning & Patch Management
• Basic understanding of CMMC and/or NIST SP 800-171 requirements
• Experience working with security policies, procedures, or compliance documentation
• Familiarity with audit preparation, evidence collection, or regulated environments
• Strong attention to detail and ability to follow structured processes
• Interest in cybersecurity, compliance, or risk management

Certifications

• CMMC Registered Practitioner (RP) – Preferred, not required
• Security+ or equivalent cybersecurity certification – Preferred

Position:

• Location – Rockville, MD –Hybrid eligible, not to exceed 1-day WFH.
• Employment Type - Full time
• Compensation - $65,000-75,000.00 DOE

Benefits:

• Medical Insurance - OSIbeyond pays 75% of the premium for the Employee's base medical plan
• Vision and Dental Insurance - OSIbeyond pays 75% of the premium for the Employee's plans
• Life Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
• Short Term Disability Insurance - OSIbeyond pays 100% of the premium for the Employee's plans
• 401K - OSIbeyond matches up to 4%
• PTO/Holidays - 9 paid Holidays and accrual based PTO which increases with tenure, new hires start out with 2 weeks.