Overview

Governance & Compliance Analyst Jobs in United States at Norseman Defense Technologies

Title: Governance & Compliance Analyst

Company: Norseman Defense Technologies

Location: United States

Norseman Defense Technologies

Norseman Defense Technologies, a small business, has over 30 years of success as an information technology provider and systems integrator delivering best-of-breed solutions that solve our federal customers' IT problems. Based in Elkridge, MD, Norseman is known for solving complex mission challenges through strong OEM partnerships, disciplined execution, and deep customer alignment.

Position Overview

Norseman is seeking a Governance and Compliance Analyst to support the continued development, implementation, and evaluation of our cybersecurity and compliance programs. This role will focus on Cybersecurity Maturity Model Certification (CMMC), Supply Chain Risk Management (SCRM), control identification, process implementation, audit support, and evaluation of the company’s compliance footprint across systems, processes, suppliers, and business operations.

The successful candidate will help translate regulatory, contractual, and internal compliance requirements into practical controls, documented processes, audit-ready evidence, and measurable remediation activities. This position will work closely with stakeholders across security, IT, operations, contracts, procurement, quality, and leadership to strengthen compliance readiness and support ongoing governance efforts.

Key Responsibilities

  • Analyze and interpret applicable compliance requirements, including CMMC, NIST-based controls, customer obligations, and supply chain security expectations.
  • Identify and document required controls across administrative, technical, and physical domains.
  • Support evaluation of the company’s compliance footprint by assessing systems, users, suppliers, environments, data flows, and third-party dependencies for scope and applicability.
  • Assist in translating control requirements into operational processes, procedures, work instructions, and governance practices.
  • Support implementation and maintenance of repeatable compliance processes, including evidence retention, control reviews, corrective actions, and exception handling.
  • Participate in internal audits, mock assessments, control reviews, and readiness activities.
  • Collect, organize, validate, and maintain documentation and evidence supporting compliance requirements.
  • Evaluate control design and operating effectiveness and help identify process or documentation gaps.
  • Assist in development and tracking of remediation plans, action items, and compliance improvement initiatives.
  • Support supplier and third-party compliance reviews, including supplier questionnaires, documentation reviews, and supply chain-related control assessments.
  • Maintain compliance logs, control inventories, tracking matrices, and status reports.
  • Prepare reports, summaries, and governance materials for management review and decision-making.
  • Support continuous improvement of governance, compliance, and audit-readiness processes.

Required Qualifications

  • Bachelor’s degree in cybersecurity, information assurance, business, audit, risk management, information systems, or a related field, or equivalent relevant experience.
  • 3+ years of experience in governance, risk, compliance, audit, cybersecurity program support, or related compliance functions.
  • Working knowledge of CMMC, NIST SP 800-171, and general security control implementation concepts.
  • Familiarity with Supply Chain Risk Management (SCRM) and third-party or supplier oversight practices.
  • Experience supporting internal audits, assessments, documentation reviews, or readiness activities.
  • Experience developing or supporting policies, procedures, process documentation, or control evidence.
  • Strong analytical, organizational, and written communication skills.
  • Ability to work effectively across technical and non-technical teams.

Preferred Qualifications

  • Experience in a government contractor, defense industrial base, regulated technology, or compliance-driven environment.
  • Familiarity with NIST SP 800-53, NIST SP 800-161, DFARS, CUI handling, or related federal cybersecurity requirements.
  • Experience with system security plans, control matrices, POA&Ms, supplier questionnaires, and evidence repositories.
  • Experience supporting corrective action tracking, quality management, or internal control testing.
  • Relevant certifications such as Security+, CISA, CISM, CRISC, CGRC, or similar.
  • Exposure to GCC High, compliance platforms, ticketing/workflow systems, or GRC tools.

Equal Opportunity Employer/Veterans/Disabled
