Cybersecurity Compliance Analyst

Two Five Solutions LLC, Washington, DC, US, 20022

Duration: Full Time

About Two Five Solutions

Two Five Solutions delivers cybersecurity, compliance, and IT services to defense contractors and government clients. We're problem solvers first: a tight-knit team that believes in doing more with less by leveraging automation, AI, and smart processes to deliver exceptional results without bloat.

Our approach is simple: small teams, high productivity, practical solutions. We specialize in helping organizations navigate complex compliance frameworks (CMMC 2.0, NIST 800-171, SOC 2, ISO 27001) while building resilient security and IT infrastructure. Whether it's managed compliance programs, security operations, or strategic IT buildouts, we focus on outcomes that matter: protecting our clients' operations and positioning them for growth.

We serve our customers with three core service areas: Modern IT Services (infrastructure, managed IT, AI/automation, strategic consulting), Security Services (managed SOC, risk assessments, vCISO), and Governance, Risk & Compliance (managed compliance programs, assessments, consulting).

The Role

We're seeking a Compliance Analyst to support our managed compliance programs for defense contractors and regulated organizations. You'll be the operational backbone of our compliance engagements: collecting evidence, validating controls, maintaining documentation, and ensuring our clients stay audit-ready throughout the year.

This role is perfect for someone who's detail-oriented, process-driven, and wants hands-on experience with compliance frameworks that matter. You'll work directly with 2-3 client accounts under the guidance of our CMMC Program Manager, gaining deep expertise in NIST 800-171, CMMC, SOC 2, and related frameworks.

What You'll Do

Evidence Collection & Control Validation
- Collect and organize evidence for 110 CMMC 2.0 L2 controls across multiple client environments
- Perform control testing and validation to verify implementation effectiveness
- Document findings, gaps, and observations in compliance automation platforms (Drata)
- Maintain evidence repositories and ensure artifacts are current and complete
- Track control status and remediation progress

Documentation & Artifact Management
- Update and maintain compliance documentation including policies, procedures, and security artifacts
- Manage POA&M tracking and remediation status
- Ensure documentation aligns with CMMC 2.0 and client-specific requirements
- Organize and prepare documentation packages for audits and assessments
- Keep compliance platforms (Drata) updated with current evidence and status

Client Support & Communication
- Serve as day-to-day point of contact for routine compliance requests
- Coordinate evidence requests with client personnel
- Schedule and facilitate compliance check-ins and evidence collection sessions
- Respond to client questions about control requirements and evidence needs
- Escalate complex issues or gaps to the Program Manager

Assessment & Audit Support
- Support mock assessments and readiness reviews
- Prepare evidence packages for C3PAO assessments
- Assist with audit coordination and evidence presentation
- Track and document assessment findings and remediation items

Process Improvement
- Identify opportunities to streamline evidence collection and documentation
- Help build templates, checklists, and standard operating procedures
- Recommend automation or tooling improvements to increase efficiency
- Contribute to knowledge base and internal compliance resources

What You Bring

Required:
- 1-3 years in compliance, risk management, audit, or related role (or strong internship/academic background)
- Working knowledge of at least one compliance framework (NIST 800-171, CMMC, SOC 2, ISO 27001, or similar)
- Strong attention to detail and organizational skills
- Comfortable working with technical documentation and security controls
- Proficiency with Microsoft Office and ability to learn compliance platforms quickly
- Clear written and verbal communication skills
- Self-motivated and able to manage multiple client workstreams

Preferred:
- Familiarity with NIST 800-171 or CMMC 2.0 requirements
- Experience with compliance management tools (Drata, Vanta, OneTrust, etc.)
- Understanding of GCC-High, Microsoft 365, or government cloud environments
- Background in IT, cybersecurity, or information systems
- Experience supporting audits or assessments
- Relevant certifications (Security+, SSCP, or framework-specific credentials)

Working Style:
- Detail-oriented without losing sight of the bigger picture
- Comfortable asking questions and seeking clarification
- Proactive problem-solver who flags issues early
- Team player who collaborates well with technical and customer-facing colleagues
- Interested in building expertise in compliance and cybersecurity
- Adaptable to changing priorities and client needs

What We Offer
- Competitive salary commensurate with experience
- In-person collaborative work environment in Washington, DC
- Direct mentorship from experienced compliance practitioners
- Hands-on experience with multiple compliance frameworks and real client engagements
- Opportunity to grow into senior compliance or program management roles
- Work with mission-focused defense contractors and government clients
- Small team where you'll have visibility into all aspects of the business
- Culture that values productivity, problem-solving, and continuous improvement

Location

Washington, DC. This is an in-person position. Remote work may be considered for exceptional candidates in specific circumstances.