Compliance and Security Specialist

Please NOTE: This position requires Security Clearance. Has to works with CFIUS. Need to have some understanding of NIST and CMMC. We are seeking a knowledgeable and experienced Compliance and Security Specialist to manage and support our security, risk, and compliance initiatives, including ISO 27001, NIST, CMMC 2.0, and CFIUS compliance, with good understand of relevant FAR & DFAR clause. This role ensures that our organization adheres to information security best practices and regulatory requirements, particularly in sensitive areas involving national security and foreign investment. Compliance Management: Lead initiatives to achieve and maintain compliance with ISO 27001, NIST SP 800-53/CSF, and CMMC 2.0 (Levels 1 3).Oversee compliance with CFIUS requirements for organizations subject to foreign ownership, control, or influence (FOCI). Conduct Internal (Self) Audits, Gap assessments, Risk assessments, Mitigation planning and readiness reviews across compliance frameworks. Support review of Customer contract documents related to Security, FAR / DFAR clause. CFIUS Oversight: Manage and monitor compliance with mitigation agreements and security commitments imposed by CFIUS. Maintain documentation and reporting required for CFIUS oversight and coordinate responses to information requests. Audit & Certification Support: Conduct audits and support external audits, assessments, and certifications (e.g., ISO 27001, NIST, CMMC). Coordinate evidence collection and responses during audits and ensure timely remediation of findings. Education: Bachelor s degree in Cybersecurity, Information Security, or related field (or equivalent experience). • Certifications (Preferred- one or more): ISO 27001 internal Auditor • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM) • Certified CMMC Professional (CCP) • Certified in Risk and Information Systems Control (CRISC) • 4+ years of experience in cybersecurity compliance and regulatory frameworks.Hands-on experience with ISO 27001, NIST SP 800-53/CSF, and CMMC 2.0. Experience managing or supporting CFIUS or FOCI compliance programs. Strong understanding of U.S. regulatory and security compliance requirements. Deep knowledge of security control frameworks and risk management. Exceptional written and verbal communication skills.Ability to manage multiple high-priority projects across departments.Skilled in developing clear, actionable documentation and reports for technical and executive audiences.Ability to liaison with multiple stakeholders with in the company and corporate. Cygnus Diversity, Inclusion & Equal Opportunity Commitment We proudly promote equal opportunities and inclusive workplaces. All employment decisions are based on qualifications and project needs. Apply tot his job