
Copy of Cybersecurity Compliance Analyst – ISO Audit Support
Centex Technologies · Austin, TX
- Hybrid
- Full-time
- $95,000 / year
Job highlights
- Focus on NIST 800-171 and CMMC compliance.
- Develop and maintain System Security Plans.
- Gather evidence for ISO audit operations.
- Collaborate with technical and non-technical teams.
- Requires U.S. citizenship and security clearance.
About the role
Cybersecurity Compliance Analyst – ISO Audit Support
Centex Technologies seeks a skilled Cybersecurity Compliance Analyst to augment ISO audit operations across multiple program enclaves. This hybrid position focuses on pre-audit preparation, evidence gathering, compliance documentation, and collaborative support for organizations pursuing NIST 800-171 and CMMC certification objectives. The ideal candidate will serve as a compliance facilitator, data coordinator, and documentation specialist rather than a traditional system administrator. This role supports mission-critical systems through meticulous attention to compliance frameworks, with particular emphasis on NIST 800-171 requirements and forward integration of COREnet System Security Plans (SSPs) for CMMC inheritance.
Primary Responsibilities
System Security Plan (SSP) Development and Documentation (40%)
- Draft, review, and update System Security Plans (SSPs) for multiple program enclaves.
- Ensure SSP accuracy, completeness, and alignment with NIST 800-171 requirements.
- Support service boundary definition and clarity updates across tenant systems.
- Collaborate with technical teams to translate system configurations into compliance documentation.
- Maintain version control and change management for SSP documentation.
Pre-Audit Evidence Gathering and Coordination (35%)
- Coordinate and facilitate pre-audit evidence collection activities across program teams.
- Organize and catalog compliance artifacts, policies, procedures, and technical documentation.
- Conduct inventory data collection and validation to meet audit minimum requirements.
- Support material build-up tasks including evidence packages, control matrices, and compliance dashboards.
- Interface with stakeholders to ensure timely submission of required documentation.
Compliance Framework Implementation (15%)
- Support implementation of NIST 800-171 controls across organizational enclaves.
- Facilitate integration of COREnet SSPs for CMMC inheritance objectives.
- Conduct gap analysis between current state and compliance requirements.
- Track remediation activities and maintain compliance status reports.
- Support continuous monitoring and ongoing compliance validation activities.
Stakeholder Collaboration and Reporting (10%)
- Facilitate compliance workshops, walkthroughs, and coordination meetings.
- Provide regular status updates to program managers and compliance leadership.
- Support internal and external audit activities as compliance liaison.
- Develop and maintain compliance metrics, dashboards, and executive reporting.
- Coordinate with Information System Security Officers (ISSOs) and System Owners.
Work Environment And Physical Requirements
Work Arrangement
Hybrid position with flexible remote and on-site requirements.
Physical Requirements
- Prolonged periods working at a computer workstation.
- Ability to participate in virtual and in-person meetings.
- Occasional lifting of equipment or materials up to 20 pounds.
- Standard office environment with ergonomic workstation setup.
Requirements
Required Qualifications
Education
Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Business Administration, or related field. Equivalent combination of education and experience may be considered.
Experience
- Minimum 3-5 years of experience in cybersecurity compliance, IT audit, or risk management.
- Demonstrated experience with compliance frameworks, preferably NIST 800-171, NIST 800-53, or similar federal standards.
- Experience with System Security Plan (SSP) development or documentation.
- Proven track record in pre-audit preparation and evidence gathering activities.
Technical Knowledge
- Working knowledge of NIST 800-171 security controls and requirements.
- Understanding of cybersecurity principles, risk management, and control frameworks.
- Familiarity with federal compliance requirements (FISMA, FedRAMP, CMMC, or similar).
- Experience with compliance documentation tools and systems.
Skills And Competencies
- Exceptional written and verbal communication skills.
- Strong organizational skills with keen attention to detail.
- Ability to manage multiple priorities and deadlines simultaneously.
- Collaborative mindset with ability to work across technical and non-technical teams.
- Proficiency in Microsoft Office Suite, particularly Excel and Word.
- Experience with documentation management systems and collaborative platforms.
Clearance and Citizenship
U.S. Citizenship required. Ability to obtain and maintain required security clearances as needed. Background check and reference verification required.
Preferred Qualifications
Certifications (One or More Highly Desired)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Authorization Professional (CAP)
- Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA)
- CompTIA Security+
- Certified Internal Auditor (CIA)
- ISO 27001 Lead Auditor or Lead Implementer
Additional Experience
- Direct experience supporting CMMC assessments or certifications.
- Experience with COREnet or similar inherited control environments.
- Previous work in defense contracting or federal government environments.
- Experience with GRC (Governance, Risk, and Compliance) platforms such as Archer, ServiceNow GRC, or similar tools.
- Knowledge of DoD supply chain security requirements.
Key skills/competency
- Cybersecurity Compliance
- NIST 800-171
- CMMC
- System Security Plan (SSP)
- Audit Support
- Risk Management
- IT Audit
- Compliance Documentation
- Evidence Gathering
- Stakeholder Collaboration
Skills & topics
- Cybersecurity Compliance Analyst
- NIST 800-171
- CMMC
- ISO Audit
- System Security Plan
- SSP Development
- IT Audit
- Risk Management
- Compliance Documentation
- Evidence Gathering
How to get hired
- Customize your resume: Highlight experience with NIST 800-171, CMMC, SSP development, and audit support.
- Tailor your application: Emphasize your compliance, documentation, and collaboration skills in your cover letter.
- Prepare for technical questions: Be ready to discuss cybersecurity frameworks and audit processes.
- Showcase collaboration: Demonstrate your ability to work with diverse teams during interviews.
- Highlight certifications: Mention any relevant certifications like CISSP, CISM, or CMMC-related ones.
Frequently asked questions
- What is the primary focus of the Cybersecurity Compliance Analyst role at Centex Technologies?
- The primary focus of the Cybersecurity Compliance Analyst role at Centex Technologies is to support ISO audit operations by preparing for audits, gathering evidence, and managing compliance documentation, particularly for NIST 800-171 and CMMC certification objectives.
- What are the key responsibilities for a Cybersecurity Compliance Analyst at Centex Technologies?
- Key responsibilities include developing and updating System Security Plans (SSPs), coordinating evidence gathering for pre-audit preparation, supporting the implementation of NIST 800-171 controls, and collaborating with stakeholders for reporting and audit support.
- What specific compliance frameworks are most important for this Cybersecurity Compliance Analyst position?
- The most important compliance frameworks for this position are NIST 800-171 and CMMC. Familiarity with NIST 800-53, FISMA, and FedRAMP is also beneficial.
- What kind of experience is required for the Cybersecurity Compliance Analyst role?
- Required experience includes 3-5 years in cybersecurity compliance, IT audit, or risk management, with demonstrated experience in compliance frameworks like NIST 800-171 and SSP development or documentation.
- What are the preferred qualifications for a Cybersecurity Compliance Analyst at Centex Technologies?
- Preferred qualifications include certifications such as CISSP, CISM, CAP, CCP, CompTIA Security+, CIA, or ISO 27001 Lead Auditor/Implementer. Direct experience with CMMC assessments, COREnet, or GRC platforms is also highly desired.
- What is the work arrangement for this Cybersecurity Compliance Analyst position?
- This is a hybrid position, offering a flexible combination of remote and on-site work requirements.
- What educational background is needed for the Cybersecurity Compliance Analyst role at Centex Technologies?
- A Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Business Administration, or a related field is required. An equivalent combination of education and experience may also be considered.
- Is U.S. Citizenship required for the Cybersecurity Compliance Analyst position?
- Yes, U.S. Citizenship is required for this role, and the ability to obtain and maintain required security clearances is also necessary.