Cybersecurity Compliance Analyst

Position Overview

RCC Business IT is seeking a Cybersecurity Compliance Analyst to support our growing Compliance Services practice. This role assists organizations in regulated industries with achieving and maintaining cybersecurity compliance across frameworks such as ISO/IEC 27001, TISAX, and CMMC 2.0 aligned with NIST SP 800-171 Rev.2.

The Cybersecurity Compliance Analyst is responsible for maintaining compliance documentation, managing evidence in our GRC platform, and ensuring control requirements are properly documented and tracked during client engagements.

This role works to help organizations move from gap assessment → remediation → audit readiness → certification. This is an excellent opportunity for someone interested in governance, risk, and compliance (GRC) within cybersecurity.

Responsibilities

Compliance Program Support

Assist in performing compliance gap assessments across multiple security frameworks

Document control implementation status and remediation plans

Maintain control mappings and framework documentation

GRC Platform Administration

Maintain client environments within the GRC platform

Upload and organize evidence supporting security controls

Track remediation activities and maintain POA&M records

Update risk registers and control status

Policy & Documentation Development

Draft and maintain security policies and procedures using approved templates

Assist with documentation required for compliance frameworks

Maintain structured evidence repositories

Audit Readiness Support

Prepare evidence packages for internal and external audits

Assist in conducting audit readiness checks

Track completion of compliance milestones

Client Coordination

Coordinate with internal engineers to collect evidence of implemented controls

Track remediation timelines and follow up on outstanding items

Participate in client compliance review meetings

Required Qualifications

2–5 years experience in IT, cybersecurity, risk, or compliance

Understanding of information security fundamentals

Strong documentation and organizational skills

Ability to interpret and document technical processes clearly

Experience working with ticketing systems, documentation platforms, or compliance tools

Strong attention to detail and process management

Preferred Experience

Familiarity with security frameworks such as:

ISO 27001

NIST 800-171

CMMC

TISAX

Experience with GRC platforms

Experience writing policies or compliance documentation

Exposure to managed service environments (MSP / MSSP)

Preferred Certifications (not required)

Security+

ISO 27001 Foundation

GRC or risk management training

Key Skills

Ability to manage multiple client compliance engagements simultaneously

Documentation discipline

Process management

Technical translation (turning engineering work into compliance evidence)

Organization and evidence tracking

Risk awareness

Success in This Role

Successful candidates will help ensure:

Compliance documentation is accurate and audit-ready

Evidence supporting security controls is properly organized

Compliance projects stay on track toward certification

Clients maintain ongoing compliance posture

Benefits:

Competitive salary commensurate with experience.

Health, dental, and vision insurance coverage.

Retirement savings plan with company match.

Paid time off and holidays.

Opportunities for professional development and training.