Note: The job is a remote job and is open to candidates in USA. ECCO Select is seeking an experienced Senior Compliance Analyst to lead compliance audit activities across federal and commercial risk management programs. This role is responsible for ensuring adherence to various compliance frameworks while supervising a team of compliance professionals through audit cycles and assessments.
Responsibilities
- Lead and manage end-to-end compliance audits, assessments, and continuous monitoring activities against NIST 800-53 controls in support of FedRAMP, FISMA, and FedRAMP+ authorization boundaries
- Oversee CMMC/NIST 800-171 assessment readiness, gap analysis, System Security Plan (SSP) development, and Plan of Action and Milestones (POA&M) tracking
- Supervise, mentor, and develop a team of compliance analysts/auditors, assigning workload, reviewing deliverables, and ensuring quality and consistency of audit evidence and reporting
- Serve as primary liaison with Third Party Assessment Organizations (3PAOs), C3PAOs, external auditors, and federal sponsoring agencies during assessment cycles
- Develop and maintain compliance documentation including SSPs, control narratives, risk assessments, and audit workpapers
- Identify control gaps and compliance risks; partner with system owners and engineering teams to develop and track remediation plans
- Support and expand compliance posture across complementary frameworks such as SOC 2 Type II and ISO 27001 as the program matures
- Prepare executive-level reporting on compliance posture, audit findings, and risk trends for senior leadership
- Stay current on evolving federal compliance requirements, regulatory changes, and industry best practices
Skills
- 10–15 years of experience in compliance, regulatory adherence, or compliance auditing roles
- Demonstrated hands-on experience with NIST 800-53-based RMF programs, including FedRAMP, FISMA, and/or FedRAMP+
- Demonstrated experience with NIST 800-171 and CMMC compliance requirements
- 3–5 years of supervisory experience leading teams through compliance audits
- At least two of the following certifications: Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA)
- Strong understanding of risk assessment methodologies, control frameworks, and audit lifecycle management
- Excellent written and verbal communication skills, with the ability to translate technical compliance findings for non-technical stakeholders
- Bachelor's degree in Information Security, Information Systems, Accounting, or related field (or equivalent experience)
- Experience with SOC 2 Type II audit processes and/or ISO 27001/27001:2022 certification efforts
- Familiarity with GRC tooling (e.g., Xacta, RSA Archer, ServiceNow GRC, Drata, Vanta)
- Experience working within federal agency environments or with federal contractors/cloud service providers
- Working knowledge of FIPS 199/200, NIST 800-37, and NIST 800-30
Company Overview