Cyber Security Analyst NIST 800-171 Evidence & Compliance Analyst

Chatsworth, California
Full Time

Email Address

Apply Now

Job Title: Cyber Security Analyst NIST 800-171 Evidence & Compliance Analyst

Department: Information Technology
Reports To: Information Technology Manager
Employment Type: Temp 3-6 Months

Position Summary

The Cyber Security Analyst NIST 800-171 Evidence & Compliance Analyst is responsible for supporting and maintaining organizational cybersecurity compliance initiatives through collection, validation, documentation, and management of evidence supporting NIST SP 800-171 requirements and CMMC Level 2 readiness. This role works closely with IT Manager, system administrators, management teams, and external assessors to ensure security controls are implemented and supported with accurate evidence and documentation.

The position is responsible for preparing assessment artifacts, maintaining audit records, supporting gap remediation efforts, and ensuring that compliance evidence remains current, organized, and assessment ready.

Essential Duties and Responsibilities

Collect, organize, validate, and maintain cybersecurity evidence supporting NIST SP 800-171 controls.
Manage evidence repositories and maintain documentation for all applicable security controls.
Support preparation and maintenance of:System Security Plan (SSP),Plan of Action & Milestones (POA&M), Policies and Procedures, Network diagrams, Asset inventory, Data flow diagrams, Risk assessments, Security training records
Gather technical artifacts including, Active Directory configuration screenshots, Group Policy configurations, Multi-factor authentication, configurations Vulnerability scan results, Endpoint security reports, Backup reports Change management records, Patch management reports
Coordinate evidence collection across IT, HR, Facilities, Engineering, and business departments.
Conduct periodic reviews to verify evidence remains current and compliant.
Support internal assessments and external audits for NIST 800-171 and CMMC Level 2.
Track control implementation status and document deficiencies within POA&M.
Monitor control effectiveness and assist with remediation activities.
Review audit logs and verify evidence supports accountability and traceability requirements. Audit records must support monitoring, investigation, and reporting activities.
Assist in maintaining access control reviews and privileged account documentation.
Ensure evidence of integrity and protection from unauthorized modification or deletion.
Participate in security awareness initiatives and compliance training activities.
Assist in incident response documentation and evidence preservation activities.
Support third-party assessors during compliance assessments.

Required Qualifications

Bachelors degree in Cybersecurity, Information Technology, Computer Science, or related field, equivalent experience considered.
35+ years of cybersecurity, compliance, or IT security experience.
Experience with, NIST SP 800-171, DFARS ..., CMMC Level 2
Microsoft Active Directory, Microsoft 365 / Azure, Security logging platforms, Endpoint security tools
Understanding of cybersecurity documentation and evidence management practices.
Experience preparing audit documentation and supporting assessments.
Strong documentation and organizational skills.
Ability to communicate technical concepts to non-technical personnel.

Preferred Qualifications

Experience supporting defense contractors handling CUI.
Familiarity with: Vulnerability management tools, Microsoft Defender
SonicWall firewalls, Remote access security
Industry certifications preferred:
- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)
- Microsoft Certified Professional (MCP) / Microsoft Certified IT Professional (MCITP)
- Certified Information Security Manager (CISM)
- Certified CMMC Professional (CCP)

Technical Skills