Cybersecurity Compliance Advisory Analyst II

NV - Sparks (Prater), United States

Sierra Nevada Corporation

Sierra Nevada Corporation (SNC) is a trusted leader in innovative, advanced technology solutions and open architecture integrations in aerospace and national security.


As a Cybersecurity [Contracts & Supply Chain] Compliance Advisory Analyst II, you will play a crucial role in ensuring our organization and our supply chain adhere to stringent cybersecurity standards and regulatory requirements. You will be responsible for interpreting and translating complex compliance requirements (specifically NIST SP 800-171, CMMC, and DFARS 252.204-7012) into actionable guidance, contributing to a unified compliance strategy, and supporting the development of security control implementations. This role requires a balanced blend of responsibilities related to supply chain risk management, contract compliance, and general cybersecurity advisory.

As SNC's corporate team, we provide the company and its business areas with strategic direction and business support spanning executive management, finance and accounting, operations, human resources, legal, IT, information security, facilities, marketing, and communications.

    Responsibilities:

    Contract and Supply Chain Compliance:

    • Conduct thorough cybersecurity due diligence by reviewing and advising on new and existing contracts to ensure cybersecurity requirements and obligations are included and flowed down to suppliers, subcontractors, and vendors.
    • Monitor supplier and vendor cybersecurity performance to ensure compliance with contractual obligations and regulatory standards.
    • Contribute to the development, implementation, and enforcement of supply chain policies and processes.
    • Develop and manage corrective action plans for supplier and vendor compliance issues, and lead response and communication with suppliers and vendors during cybersecurity incidents.
    • Ensure procurement and subcontract processes align with cybersecurity regulations, including DFARS 252.204-7012, CMMC, organizational requirements, and industry best practices.
    • Stay informed of evolving regulations, best practices, and standards affecting supplier and vendor compliance with DFARS and CMMC, and propose adaptations to policies and procedures accordingly.
    • Conduct regular cybersecurity compliance reviews and assessments of procurement and supply chain management processes.
    • Verify suppliers and vendors meet industry standards and regulatory requirements and have up-to-date cybersecurity certifications, including assisting in the identification, tracking, and advising on mitigating complex risks.

    Cybersecurity Compliance Advisory:

    • Contribute to the development and implementation of a unified CMMC and DFARS compliance program that aligns with organizational goals, risk tolerance, and contract requirements.
    • Interpret and translate complex cybersecurity regulations (NIST SP 800-171, CMMC, and DFARS 252.204-7012) into actionable guidance to ensure regulatory alignment and process improvement, and provide targeted organization-wide training.
    • Participate actively in gap analyses to identify deficiencies and risks, and advise on remediation strategies for compliance with DFARS, NIST SP 800-171, and CMMC requirements.
    • Assist in establishing and managing a CMMC program, continuous monitoring program, and key performance indicators (KPIs) to track compliance and risks related to suppliers, subcontractors, and vendors handling CUI or FCI, identifying areas for improvement, and advising on tactical adjustments.
    • Help system owners develop and maintain the System Security Plan (SSP) to meet NIST SP 800-171 and CMMC requirements.
    • Prepare system owners for internal and external assessments (mock assessments, readiness reviews) and provide support during interactions with C3PAOs.
    • Contribute to creating and improving documentation for audits and certifications.

    Qualifications You Must Have:

    • Bachelor's degree in a related discipline or 2 or more years of relevant experience in cybersecurity compliance, GRC, IT audit, or a related field, with a focus on contracts, supply chain, or third-party risk management.
    • A higher-level degree may substitute for experience.
    • Related experience may be considered in lieu of required education.
    • Demonstrated understanding and practical experience with NIST SP 800-171, DFARS 252.204-7012, and the Cybersecurity Maturity Model Certification (CMMC) 2.0.
    • Familiarity with contract review processes and the ability to identify cybersecurity requirements within legal documents.
    • Strong analytical and problem-solving skills, with the ability to interpret complex regulations and translate them into actionable controls.
    • Excellent written and verbal communication skills, capable of conveying complex technical and compliance concepts to diverse audiences.
    • Ability to work independently and collaboratively in a fast-paced, dynamic environment.

    Qualifications We Prefer:

    • Ability to read and interpret security and technical documentation.
    • Experience working with government contracts or within a highly regulated industry.
    • Familiarity with ISO 9001 or other quality management systems.
    • Relevant industry certifications (e.g., CompTIA Security+, CISA, GSEC) are a plus, but not required.

    SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more.

    IMPORTANT NOTICE:

    This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.


    SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!

    SNC is an Equal Opportunity Employer committed to an environment free of discrimination. Employment decisions are made based on merit without regard to race, color, age, religion, sex, national origin, disability, status as a protected veteran or other characteristics protected by law.
