Senior Analyst, IT, CMMC Compliance
Cleveland, OH, US, 44117
Lincoln Electric
Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert™ for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 12,000 employees around the world and operations in 71 manufacturing and automation system integration locations across 21 countries, and it maintains a worldwide network of distributors and sales offices serving customers in over 160 countries.
Location: Euclid - 22801
Employment Status: Salary Full-Time
Function: Information Technology
Req ID: 25813
Summary
Lincoln Electric has an exciting opportunity for a Senior Analyst, IT, CMMC Compliance who will join our global headquarters team. The Senior Analyst, IT, CMMC Compliance will be responsible for contributing to the company’s CMMC compliance journey and for maintaining the compliance program once fully implemented. This role will own execution of CMMC IT Controls and provide leadership and guidance to the other functions in the company that own CMMC controls, including but not limited to physical security, HR, and procurement. This role is part of a team of GRC professionals, collaborates with cross-functional teams, and implements robust strategies to maintain and enhance our compliance posture. *Note: this role requires U.S. citizenship, and candidates must be currently working in the United States to be considered.*
Lincoln Electric offers a fabulous suite of compensation and benefits that include a lucrative annual incentive plan, student loan repayment program PLUS tuition reimbursement, medical/dental/vision, generous paid time off and many more outstanding benefits!
What You Will Do
• Collaborate with stakeholders across the organization to ensure a clear understanding of CMMC compliance requirements and alignment with business goals.
• Establish and maintain strong relationships with stakeholders across technology, compliance, cybersecurity, procurement, HR and physical security.
• Work with internal/external auditors, regulators, assessors, business stakeholders and other functional areas such as Legal, Compliance and HR.
• Provide guidance and support to other members of the IT team on CMMC compliance-related issues.
• Train internal teams on CMMC compliance requirements
• Own the maintenance of comprehensive GRC strategies aligned with CMMC compliance
• Maintain and enhance CMMC compliance assessment toolkits for testing and validation
• Maintain documentation and records for CMMC compliance processes, procedures, and standards.
• Prepare and manage documentation for certification audits, ensuring that all required evidence and controls are in place.
Additional Responsibilities
• Stay updated on changes to CMMC guidelines, associated Rules and NIST cybersecurity frameworks, adapting the organization's strategy as needed.
• Provide subject matter expertise and guidance to internal stakeholders on CMMC, DFARS, NIST SP 800-171, and other relevant cybersecurity regulations.
• Drive continuous improvement initiatives to enhance the efficiency and effectiveness of CMMC compliance processes and controls.
• Leverage automation and technology to streamline compliance activities and reporting.
• Maintain CMMC-focused IT policies, standards and procedures
• Provide guidance to future expansion of CMMC compliance program to other parts of the business
• Function as the company’s main point of contact for third-party CMMC assessors
• Collaborate with third-party CMMC assessors, ensuring a smooth certification process and addressing any non-conformities or challenges during the audit.
• Own preparation and execution of annual self-attestation processes.
• Develop and implement risk mitigation plans to address identified issues and minimize exposure to CMMC compliance risks.
• Develop and implement processes to incorporate IT and business process changes into the CMMC compliance program and associated re-assessment requirements.
• Oversee the response process for customer CMMC inquiries and collaborate with Procurement on vendor CMMC flow-down requirements and questionnaires.
• Develop and deliver relevant KPIs and metrics for management consumption.
• Evaluate CMMC security controls and identify opportunities for improvement and communicate recommendations.
• Identify and implement improvements to increase efficiency of the compliance program and processes.
• Collaborate with the Lead, IT Policy and Security Awareness to develop and deliver training programs on CMMC compliance for employees across the organization.
Education & Experience Required
• Must be a US Citizen and currently working in the United States.
• Bachelor's degree in Computer Science, Information Security, or related field is preferred.
• 5+ years of experience in IT compliance, with deep experience in CMMC Level 1 and Level 2 certification requirements and NIST, and knowledge of DFARS.
• Strong understanding of CMMC (Cybersecurity Maturity Model Certification) and NIST SP 800-171 and NIST 800-53 frameworks, with hands-on experience guiding organizations through CMMC compliance.
• Experience in the manufacturing industry, particularly with IT and OT systems, is a plus.
• Familiarity with other cybersecurity regulations, such as ISO 27001, is a plus.
• Strong understanding of IT and cybersecurity principles, risk management, and compliance best practices.
• Knowledge in technical infrastructure and applications
• Proficient understanding of business focus and processes and the ability to inject CMMC compliance into the business through teamwork and influence.
• Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company to third-party assessors with the highest level of professionalism.
• Robust ability to take the initiative to stay current, do research, and self-educate.
• Familiarity with relevant compliance management software and tools.
• Detail-oriented with a commitment to accuracy and data integrity.
PREFERRED CERTIFICATIONS:
o Certified Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o Certified Information Systems Auditor (CISA)
o Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.
Tags: Audits Automation CISA CISM CISSP CMMC Compliance Computer Science DFARS ISO 27001 KPIs NIST NIST 800-53 Risk management Strategy
Perks/benefits: Career development Health care