
Cybersecurity Compliance Specialist

PARTNER COMPANY

ECF

ENGAGEMENT TYPE

Remote

LOCATION

Nationwide

Opportunity Description

Key Responsibilities:


  • Conduct comprehensive cybersecurity assessments and audits to ensure compliance with the CMMC framework.

  • Develop, implement, and maintain cybersecurity policies, procedures, and controls in alignment with CMMC requirements.

  • Monitor, analyze, and address security vulnerabilities and threats, providing detailed recommendations for remediation and risk reduction.

  • Collaborate with cross-functional teams to identify, address, and resolve cybersecurity gaps, boosting the organization’s overall security profile.

  • Serve as a subject matter expert on CMMC requirements, offering guidance, education, and training to relevant teams and staff.

  • Support the preparation and submission of CMMC assessments and documentation required for certification.

  • Stay current with industry trends, cybersecurity regulations, and emerging technologies to continuously enhance the organization’s compliance program.


Job Duties (including but not limited to):


  • CMMC Compliance Assessment: Conduct comprehensive assessments to identify gaps in existing security practices against CMMC requirements, including data classification, access controls, incident response, and system hardening.

  • Data Governance Strategy Development: Design and implement data classification schemes to identify sensitive information (CUI) and establish appropriate data protection controls aligned with CMMC levels.

  • Microsoft Purview Implementation: Leverage Microsoft Purview features like data discovery, classification, retention policies, and compliance management to monitor and enforce CMMC data protection standards across the organization.

  • Policy Creation and Enforcement: Develop and implement data handling policies, including data sharing guidelines, user access controls, and data encryption protocols to meet CMMC compliance.

  • Compliance Reporting: Generate regular reports on CMMC compliance status, identifying areas of risk and potential non-compliance issues.

  • Stakeholder Collaboration: Work closely with different teams, including IT, security, legal, and business units, to ensure CMMC compliance across all organizational functions.


Required Skills and Experience:


  • Deep understanding of the CMMC framework and its requirements

  • Expertise in data governance, classification, and protection practices

  • Proficiency with Microsoft Purview and other data governance tools

  • Experience with cybersecurity compliance frameworks like NIST 800-171

  • Strong analytical and problem-solving skills

  • Excellent communication and collaboration abilities to work with diverse teams



Key Qualifications and Skills:


  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field; relevant certifications (e.g., CISSP, CISA, CISM) are highly desirable.

  • Proven experience in conducting cybersecurity assessments and audits, with an in-depth understanding of the CMMC framework and requirements.

  • Strong knowledge of information security principles, best practices, and technologies, including network, application, and cloud security.

  • Experience in crafting and enforcing cybersecurity policies, procedures, and controls to meet compliance standards.

  • Proficiency in risk management, incident response, and security operations, with the ability to analyze security data to identify potential vulnerabilities.

  • Strong communication skills, with the ability to collaborate effectively across teams and present findings to senior management.

  • Detail-oriented with exceptional problem-solving and analytical abilities, capable of managing multiple tasks in a fast-paced environment.

  • Passion for continuing professional development, including staying informed on cybersecurity trends, emerging threats, and new technologies.


Requirements:


  • Exam MS-900: Microsoft 365 Fundamentals

  • Exam MS-500: Microsoft 365 Security Administration

  • Exam AZ-900: Microsoft Azure Fundamentals

  • Exam AZ-104: Microsoft Azure Administrator

  • Exam AZ-500: Microsoft Azure Security Technologies


Education:

  • 3 – 5 years of relevant experience with specified infrastructure and IT technologies.

  • A Bachelor’s Degree in computer science, computer engineering, management information systems, information technology or a similar field.

  • An equivalent combination of education and experience may substitute for a degree.

  • Certifications are a plus
