Cybersecurity Compliance Analyst

Two Five
Washington, DC Full Time
POSTED ON 4/4/2026
AVAILABLE BEFORE 8/1/2026

About Two Five Solutions

Two Five Solutions delivers cybersecurity, compliance, and IT services to defense contractors and government clients. We're problem solvers first—a tight-knit team that believes in doing more with less by leveraging automation, AI, and smart processes to deliver exceptional results without bloat.


Our approach is simple: small teams, high productivity, practical solutions. We specialize in helping organizations navigate complex compliance frameworks (CMMC 2.0, NIST 800-171, SOC 2, ISO 27001) while building resilient security and IT infrastructure. Whether it's managed compliance programs, security operations, or strategic IT buildouts, we focus on outcomes that matter—protecting our clients' operations and positioning them for growth.


We serve our customers with three core service areas: Modern IT Services (infrastructure, managed IT, AI/automation, strategic consulting), Security Services (managed SOC, risk assessments, vCISO), and Governance, Risk & Compliance (managed compliance programs, assessments, consulting).


The Role

We're seeking a Compliance Analyst to support our managed compliance programs for defense contractors and regulated organizations. You'll be the operational backbone of our compliance engagements—collecting evidence, validating controls, maintaining documentation, and ensuring our clients stay audit-ready throughout the year.

This role is perfect for someone who's detail-oriented, process-driven, and wants hands-on experience with compliance frameworks that matter. You'll work directly with 2-3 client accounts under the guidance of our CMMC Program Manager, gaining deep expertise in NIST 800-171, CMMC, SOC 2, and related frameworks.


What You'll Do

Evidence Collection & Control Validation

  • Collect and organize evidence for 110 CMMC 2.0 L2 controls across multiple client environments
  • Perform control testing and validation to verify implementation effectiveness
  • Document findings, gaps, and observations in compliance automation platforms (Drata)
  • Maintain evidence repositories and ensure artifacts are current and complete
  • Track control status and remediation progress

Documentation & Artifact Management

  • Update and maintain compliance documentation including policies, procedures, and security artifacts
  • Manage POA&M tracking and remediation status
  • Ensure documentation aligns with CMMC 2.0 and client-specific requirements
  • Organize and prepare documentation packages for audits and assessments
  • Keep compliance platforms (Drata) updated with current evidence and status

Client Support & Communication

  • Serve as day-to-day point of contact for routine compliance requests
  • Coordinate evidence requests with client personnel
  • Schedule and facilitate compliance check-ins and evidence collection sessions
  • Respond to client questions about control requirements and evidence needs
  • Escalate complex issues or gaps to the Program Manager

Assessment & Audit Support

  • Support mock assessments and readiness reviews
  • Prepare evidence packages for C3PAO assessments
  • Assist with audit coordination and evidence presentation
  • Track and document assessment findings and remediation items

Process Improvement

  • Identify opportunities to streamline evidence collection and documentation
  • Help build templates, checklists, and standard operating procedures
  • Recommend automation or tooling improvements to increase efficiency
  • Contribute to knowledge base and internal compliance resources


What You Bring

Required:

  • 1-3 years in compliance, risk management, audit, or related role (or strong internship/academic background)
  • Working knowledge of at least one compliance framework (NIST 800-171, CMMC, SOC 2, ISO 27001, or similar)
  • Strong attention to detail and organizational skills
  • Comfortable working with technical documentation and security controls
  • Proficiency with Microsoft Office and ability to learn compliance platforms quickly
  • Clear written and verbal communication skills
  • Self-motivated and able to manage multiple client workstreams

Preferred:

  • Familiarity with NIST 800-171 or CMMC 2.0 requirements
  • Experience with compliance management tools (Drata, Vanta, OneTrust, etc.)
  • Understanding of GCC-High, Microsoft 365, or government cloud environments
  • Background in IT, cybersecurity, or information systems
  • Experience supporting audits or assessments
  • Relevant certifications (Security+, SSCP, or framework-specific credentials)


Working Style:

  • Detail-oriented without losing sight of the bigger picture
  • Comfortable asking questions and seeking clarification
  • Proactive problem-solver who flags issues early
  • Team player who collaborates well with technical and customer-facing colleagues
  • Interested in building expertise in compliance and cybersecurity
  • Adaptable to changing priorities and client needs


What We Offer

  • Competitive salary commensurate with experience
  • In-person collaborative work environment in Washington, DC
  • Direct mentorship from experienced compliance practitioners
  • Hands-on experience with multiple compliance frameworks and real client engagements
  • Opportunity to grow into senior compliance or program management roles
  • Work with mission-focused defense contractors and government clients
  • Small team where you'll have visibility into all aspects of the business
  • Culture that values productivity, problem-solving, and continuous improvement


Location

  • Washington, DC. This is an in-person position. Remote work may be considered for exceptional candidates in specific circumstances.

Salary.com Estimation for Cybersecurity Compliance Analyst in Washington, DC
$110,319 to $140,233