Back to search
Winsor Consulting Group, LLC Linkedin · Posted 3d ago

Compliance Analyst - CMMC

Buffalo

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

##About the Role

Winsor Consulting Group (WCG) helps Defense Industrial Base (DIB) contractors achieve and maintain CMMC Level 1 and Level 2 compliance, with deep expertise in Microsoft 365 GCC High environments. We're hiring a Compliance Analyst to support our growing CMMC practice -- someone detail--oriented, client--friendly, and eager to build real expertise in defense cybersecurity compliance alongside a senior team.

This is a hands--on, execution-focused role. You'll work under the direction of senior consultants to move client engagements forward.

##What You'll Do

  • Support CMMC Level 1 and Level 2 engagements from gap assessment through certification readiness
  • Help interpret and apply CMMC 2.0 and NIST SP 800171 controls to client environments
  • Draft and maintain System Security Plans (SSPs), Plans of Action and Milestones (POAMs), and other compliance documentation
  • Conduct control mapping and evidence review to flag gaps ahead of C3PAO assessment
  • Communicate directly with clients on documentation requests, milestones, and remediation tasks
  • Track engagement progress and keep client documentation auditready

##What You Bring

  • At least 2 years of experience in cybersecurity, IT, compliance/GRC, audit, or a related field CMMCspecific experience is a plus, not a requirement
  • Working familiarity with NIST SP 800171 and CMMC 2.0, or the ability to get up to speed quickly
  • Strong written and verbal communication comfortable explaining technical requirements in plain language
  • Highly organized, with the discipline to manage documentation and deadlines across multiple clients at once
  • Comfortable asking questions and working directly with client stakeholders

##Nice to Have

  • Exposure to Microsoft 365 GCC High, Azure Government, or similar regulated cloud environments
  • CMMC Certified Professional (CCP) or Registered Practitioner (RP) or willingness to pursue
  • Security+ (or working toward it)
  • Familiarity with DFARS cybersecurity clauses and CUI handling requirements
  • Background supporting federal contractors or defense supply chain compliance

##What We Offer

  • Competitive compensation, based on experience
  • Direct mentorship from senior CMMC practitioners
  • Real investment in your growth training, certifications, and a clear path to take on more ownership
  • A small, senior team where your work is visible and your questions get answered

##Work Environment

  • Remotefriendly, with availability during core business hours (WCG operates out of Iowa and Arizona)
  • Reliable highspeed internet and a quiet, professional workspace
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent