CMMC Specialist
Cleveland, OH, US, 44117
Applications have closed
Lincoln Electric
Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert™ for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 12,000 employees around the world, with operations in 71 manufacturing and automation system integration locations across 21 countries and maintains a worldwide network of distributors and sales offices serving customers in over 160 countries.
Location: Euclid - 22801
Employment Status: Salary Full-Time
Function: Information Technology
Req ID: 25813
Summary
PURPOSE:
The Senior Analyst, IT, CMMC Compliance will be responsible for contributing to the company’s CMMC compliance journey and for maintaining the compliance program once fully implemented. This role will oversee the execution and ongoing review of CMMC IT Controls and provide leadership and guidance to the other functions in the company that own CMMC controls, including but not limited to physical security, HR, and procurement. This role is part of a team of GRC professionals, collaborates with cross-functional teams, and implements robust strategies to maintain and enhance our compliance posture.
DUTIES AND RESPONSIBILITIES:
Cross-Functional Collaboration
• Collaborate with stakeholders across the organization to ensure a clear understanding of CMMC compliance requirements and alignment with business goals.
• Establish and maintain strong relationships with stakeholders across technology, compliance, cybersecurity, procurement, HR and physical security.
• Work with internal/external auditors, regulators, assessors, business stakeholders and other functional areas such as Legal, Compliance and HR.
• Provide guidance and support to other members of the IT team on CMMC compliance-related issues.
• Train internal teams on CMMC compliance requirements
CMMC Compliance Process
• Own the maintenance of comprehensive GRC strategies aligned with CMMC compliance
• Maintain and enhance CMMC compliance assessment toolkits for testing and validation
• Maintain documentation and records for CMMC compliance processes, procedures, and standards.
• Prepare and manage documentation including but not limited to SSP, boundary diagram, asset inventory and the responsibility matrix for certification audits, ensuring that all required evidence and controls are in place.
• Stay updated on changes to CMMC guidelines, associated Rules and NIST cybersecurity frameworks, adapting the organization's strategy as needed.
• Provide subject matter expertise and guidance to internal stakeholders on CMMC, DFARS, NIST SP 800-171, and other relevant cybersecurity regulations.
• Drive continuous improvement initiatives to enhance the efficiency and effectiveness of CMMC compliance processes and controls.
• Leverage automation and technology to streamline compliance activities and reporting.
• Maintain CMMC-focused IT policies, standards and procedures
• Provide guidance to future expansion of CMMC compliance program to other parts of the business
Education & Experience Required
BASIC REQUIREMENTS
• Bachelor's degree in Computer Science, Information Security, or related field is preferred.
• 5+ years of experience in IT compliance, with deep experience in CMMC Level 1 and Level 2 certification requirements and NIST, and knowledge of DFARS.
• Strong understanding of CMMC (Cybersecurity Maturity Model Certification) and NIST SP 800-171 and NIST 800-53 frameworks, with hands-on experience guiding organizations through CMMC compliance.
• Must be a US Citizen and currently working in the United States.
• Experience in the manufacturing industry, particularly with IT and OT systems, is a plus.
• Familiarity with other cybersecurity regulations, such as ISO 27001, is a plus.
• Strong understanding of IT and cybersecurity principles, risk management, and compliance best practices.
• Proven track record of managing CMMC compliance processes.
• Knowledge in technical infrastructure and applications
• Proficient understanding of business focus and processes and the ability to inject CMMC compliance into the business through teamwork and influence.
• Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company to third-party assessors with the highest level of professionalism.
• Excellent project management, personal and organizational skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong analytical and critical thinking skills.
• Strong collaboration skills.
• Robust ability to take the initiative to stay current, do research, and self-educate.
• Strong results orientation
• Familiarity with relevant compliance management software and tools.
• Detail-oriented with a commitment to accuracy and data integrity.
PREFERRED CERTIFICATIONS:
o Certified Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o Certified Information Systems Auditor (CISA)
o Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.