Security Policy and Compliance Analyst

Role & Responsibilities:

Cytellix is seeking a Cybersecurity Analyst to perform cybersecurity consulting and assessments for customers seeking compliance with DFARS 252.204-7012, NIST SP 800-171, and CMMC. You will review security artifacts and support the completion of required documentation, including SSPs, POA&Ms, policies, procedures, plans, dataflow diagrams, network diagrams, and other documents. The Analyst will provide documentation support for the implementation of technical security controls for information systems, and will verify and document the implementation of the security controls necessary to achieve compliance. The Analyst will also provide continuous monitoring activities, such as assisting clients with the mitigation of discovered vulnerabilities and assisting clients in ensuring that their implementation of security controls meets the requirement. The Analyst will research and recommend new approaches and provide technical support when requested.


  • Five years of experience performing security assessments on IT systems.

  • Experience developing various policy documents (SOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recovery, and Security Assessments.

  • Experience developing existing and new information security and risk policies.

  • Must be able to produce and review key performance indicators for implemented security measures and distribute KPIs.

  • Experience with Office 365 management is desired.

  • Must possess or be able to obtain one or more of the following certifications:

    • CMMC Provisional Assessor

    • CMMC Certified Professional

    • CMMC Registered Practitioner

  • Must have in-depth knowledge of DFARS 252.204-7012.

  • Must have previous experience and knowledge of IT security solutions including:

    • Security Information and Event Management (SIEM)

    • Data Loss Prevention (DLP)

    • Firewall, Intrusion Detection/Prevention Systems

    • Multi-Factor Authentication

    • Mobile Device Management

    • Full Disk Encryption

    • Vulnerability Scanners

  • Keep management apprised of impending areas of concern, verbally and in writing.

  • Convey project/task material to individuals, small and large groups.

  • Must have excellent written and verbal communication, collaboration, organizational, and presentation skills.

  • Must have experience engaging with senior level executives.

  • Must be able to work cohesively with customers, members of the Cytellix sales, services, and marketing organizations, and partners as required.

  • Must meet certification requirements for DoD 8570 IAT Level II or higher (Security+, CCNA Security, CySA+, GICSP, GSEC, CND, or SSCP).

  • Ability to obtain and maintain a DoD Secret Clearance.