Compliance Specialist, IT​/Tech

Job Description

Winsor Consulting Group is seeking a detail‑oriented Compliance Specialist to support the execution and delivery of client‑facing compliance engagements. This role is responsible for developing structured documentation, supporting governance, risk, and compliance (GRC) initiatives, and assisting clients in achieving and maintaining CMMC and other regulatory compliance requirements.

Department:
Security & Compliance

Reports to:

Director of Compliance

• Support CMMC Level 1 and Level 2 readiness assessments, including control validation and gap analysis.
• Conduct CUI flow discovery sessions to identify how Controlled Unclassified Information (CUI) is processed, stored, and transmitted within client environments.
• Develop and maintain formal CUI Flow Diagrams and data flow documentation aligned to defined CMMC assessment scope boundaries.
• Assist in defining CMMC assessment scope based on documented CUI flows and asset categorization.
• Develop and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), policies, standards, and structured compliance documentation.
• Assist in translating CMMC and NIST SP 800171 requirements into actionable administrative and technical controls.
• Conduct control walkthroughs and collect objective evidence aligned to NIST SP 800171A assessment objectives.
• Track remediation activities and support structured POA&M management through to closeout.
• Perform cross‑framework control mapping for CMMC, HIPAA, and CJIS where applicable.
• Maintain compliance evidence repositories and ensure documentation accuracy, completeness, and version control.
• Collaborate with engineering teams to validate implementation of technical safeguards supporting regulatory requirements.
• Assist with third‑party assessment coordination, including preparation for C3
  
  PAO engagements.
• Support client‑facing meetings and provide compliance status reporting under the direction of the Director of Compliance.
• Monitor regulatory updates and assist in updating internal compliance templates and methodologies.
• Contribute to standardized compliance delivery processes and internal quality assurance efforts.

• Strong working knowledge of CMMC 2.0 and NIST SP 800171 requirements.
• Experience developing SSPs, POA&Ms, CUI flow diagrams, and formal security policies aligned to federal frameworks.
• Familiarity with evidence collection and documentation practices supporting audit readiness.
• Ability to perform cross‑framework control mapping (CMMC ↔ HIPAA ↔ CJIS).
• Strong documentation, analytical, and organizational skills.
• Working understanding of security technologies (e.g., MFA, logging, encryption, vulnerability management) and their role in compliance.
• Ability to clearly communicate compliance requirements to technical and non‑technical stakeholders.
• Experience working within an MSP or consulting environment preferred.

• 37 years of experience in cybersecurity compliance, risk management, or governance.
• Direct experience supporting CMMC or NIST SP 800171 implementations preferred.
• Experience conducting CUI flow identification and documenting system scope boundaries.
• Experience drafting and maintaining formal security documentation.
• Experience supporting external audits or regulatory assessments preferred.
• Experience supporting DoD contractors or other regulated environments highly preferred.

Relevant professional certifications such as CMMC RP, CCP, CompTIA Security+, CySA+, or similar foundational security certifications.