Sr Cybersecurity Compliance Auditor

NV - Sparks (Prater), United States

Sierra Nevada Corporation

Sierra Nevada Corporation (SNC) is a trusted leader in innovative, advanced technology solutions and open architecture integrations in aerospace and national security.

Our organization is seeking a seasoned Senior Cybersecurity Compliance Auditor to provide critical, independent assurance of our security posture against national security regulations. In this role, you will become the internal authority on business unit and corporate systems compliance with CMMC 2.0, DFARS 252.204-7012, and NIST SP 800-171. You will be responsible for leading rigorous assessments, validating security control effectiveness, and ensuring our readiness for formal C3PAO audits. This position is ideal for a meticulous professional who excels at evidence-based evaluation and can effectively communicate findings to drive continuous improvement across the enterprise.

The Mission Solutions and Technologies (MST) business area provides affordable, turn-key command/control, communications, integrated ISR, force protection and security solutions worldwide. The MST team has a long legacy of supporting the Department of Defense, Department of Homeland Security, commercial and international customers with years of experience in platform operations, engineering and full lifecycle management across domains – air, land, sea, space and cyber.

Responsibilities:

  • Objectively assess and validate the implementation and effectiveness of security controls through evidence collection, technical testing, and stakeholder interviews
  • Design and execute test procedures to verify control efficacy and identify potential gaps in our compliance posture
  • Author formal audit reports with clear findings, root cause analysis, and actionable, risk-based recommendations for remediation
  • Act as a primary liaison during external C3PAO audits, presenting evidence, clarifying implementations, and defending the organization's compliance position
  • Mentor junior analysts on audit methodologies, evidence gathering, and regulatory interpretation
  • Identify physical and logical safeguards for systems that process, store, or transmit Controlled Unclassified Information (CUI)
  • Analyze system infrastructure and security protection tools to ensure settings are aligned with internal requirements and standards established in NIST, NSA, and related authoritative publications
  • Utilize methodologies and tools to manage assessment engagements from planning to reporting and follow-up
  • Ensure alignment between cybersecurity control requirements and people, processes, and technologies deployed to enforce them
  • Interview system owners to gain understanding of how their systems are configured to protect the confidentiality and integrity of data

Qualifications You Must Have:

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field, or 10 or more years of relevant experience
    • A higher-level degree may substitute for experience
    • Equivalent professional experience (8+ years in a direct audit/assessment role) will be considered in lieu of required education
  • Experience supporting, troubleshooting, and administering a variety of networks, OSs, and applications
  • Strong knowledge and experience administering a variety of current Microsoft platforms
  • Knowledge of data security administration principles, methods, and techniques
  • Familiarity with domain structures, user authentication, and digital signatures
  • Demonstrable experience leading formal security assessments or audits (internal or external)
  • Demonstrable skill in audit methodologies, including evidence collection, sampling techniques, and stakeholder interviews
  • Experience in developing evidence-based audit workpapers and documentation
  • Exceptional communication skills, with a proven ability to articulate complex technical findings and risks to both technical and executive audiences
  • The ability to obtain and maintain a Secret U.S. Security Clearance is required

Qualifications We Prefer:

  • Hands-on experience with GRC platforms (e.g., eMASS, ServiceNow GRC) for managing controls and evidence
  • Proven experience creating and maturing System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms)
  • Familiarity with the NIST Risk Management Framework (RMF)
  • Prior experience performing assessments within the Defense Industrial Base (DIB)
  • Direct experience working for a C3PAO or in a similar external assessment capacity
  • One or more of the following professional certifications:
    • Audit-focused: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA)
    • Cybersecurity-focused: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
    • CMMC-focused: CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA)

Estimated Starting Salary: $113,428.57 - $155,964.28

SNC offers annual incentive pay based upon performance that is commensurate with the level of the position.

SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more.

IMPORTANT NOTICE:

This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.

SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!

SNC is an Equal Opportunity Employer committed to an environment free of discrimination. Employment decisions are made based on merit without regard to race, color, age, religion, sex, national origin, disability, status as a protected veteran or other characteristics protected by law.

Category: Compliance Jobs

Tags: Audits CIA CISA CISM CISSP Clearance CMMC Compliance DFARS DoD eMASS Government agency Industrial NIST Risk management RMF Security assessment Security Clearance System Security Plan

Perks/benefits: 401(k) matching Health care Insurance

Region: North America
Country: United States
