Senior Compliance Analyst

The Senior Compliance Analyst plays a key role in helping Defense Industrial Base (DIB) clients achieve and maintain compliance with federal cybersecurity requirements, including

CMMC, NIST SP

800-171, and

DFARS 252.204-7012.

Working closely with both internal teams and client stakeholders, this position is responsible for developing and maintaining compliance documentation, conducting gap analyses and security assessments, and guiding clients through the remediation and assessment preparation process. The ideal candidate brings a strong foundation in federal cybersecurity frameworks, excellent communication skills, and the ability to manage multiple client engagements with professionalism and attention to detail, serving as a trusted advisor to organizations navigating the complexities of government contractor compliance. Role Responsibilities Review, develop, update, and maintain cybersecurity documentation including policies, procedures, standards, System Security Plans (SSPs), incident response documentation, checklists, and operational work instructions aligned with CMMC Level 2 and NIST requirements Lead and support the implementation, maintenance, and continuous improvement of client compliance programs related to

CMMC, NIST SP 800-171, DFARS

252.204-7012, and other federal cybersecurity frameworks Develop and track Plans of Action & Milestones (POA&Ms), risk assessments, vulnerability remediation efforts, and ongoing security monitoring activities Conduct security assessments and gap analyses for on-premises and cloud-based environments, including evidence collection, control validation, and documentation of findings Collaborate with engineering, security, compliance, and client-facing teams to support secure managed services operations for Defense Industrial Base (DIB) clients Guide clients through CMMC Level 2 assessment preparation by evaluating technical and administrative controls and delivering actionable remediation guidance Identify client security and compliance gaps and provide practical, strategic recommendations to strengthen security posture, operational maturity, and regulatory alignment Serve as a client-facing point of contact for compliance engagements, including participation in regular client calls, status updates, and meetings to communicate findings, track progress, and maintain strong working relationships Take on additional duties and special projects as assigned Requirements One or more DoD 8140 Intermediate-level certifications, such as: CompTIA Security+ CE, CASP+, CISSP (Associate), (ISC)²

SSCP, GIAC

GSEC, or equivalent approved credential aligned to a Cyber IT/Cybersecurity Workforce role Strong working knowledge of CMMC Level 1 & 2, NIST

SP 800-171, NIST SP 800-171A, NIST SP 800-53, DFARS

252.204-7012, and related cybersecurity frameworks Excellent written and verbal communication skills, with a proven ability to produce clear technical documentation, policies, and client-facing materials Strong organizational, analytical, and problem-solving abilities with the capacity to manage competing priorities in a fast-paced environment Collaborative team player with a customer-first mindset and the ability to engage effectively across both technical and non-technical audiences Demonstrated ability to maintain strict confidentiality and exercise sound professional judgment when handling sensitive data Self-motivated, intellectually curious, and committed to continuous growth in technical knowledge and compliance expertise Working understanding of IT infrastructure, networking fundamentals, cybersecurity terminology, and managed service operations Additional qualifications we'd like to see: Associate's or Bachelor's degree in Information Technology, Cybersecurity, or a related field with 3+ years of relevant experience (equivalent combinations of certifications and demonstrated hands-on experience will be considered) Proficient in Microsoft 365 applications Leveraged GRC platforms to streamline compliance program management, including control mapping, risk assessments, evidence collection, and audit readiness tracking across multiple regulatory frameworks Familiarity with Microsoft 365 security, cloud security concepts, endpoint protection, vulnerability management, and security operations best practices Experience supporting government contractors, Defense Industrial Base (DIB) organizations, or managed security and compliance services in regulated environments preferred

ABOUT STRATUS SERVICES

Stratus Services, LLC is a premier IT Consulting and Managed Service Provider (MSP) headquartered in Anchorage, AK and servicing firms across the nation. Since 2016, we have grown by helping local businesses leverage technology to succeed. We are entering a pivotal growth phase and are seeking a to grow our compliance team in line with the current national needs. We are Alaska's first CMMC Level 2 compliant managed service provider.

Job Type:

Full-time Pay:

$90,000.00 - $120,000.00 per year

Benefits:

401(k) 401(k) matching Dental insurance Health insurance Life insurance Paid time off Vision insurance Application Question(s): Are you currently located and able to work in the greater Anchorage, AK area or the Treasure Valley, ID?

Work Location:

In person