Assess, Implement, Manage (AIM™)
Compliance Engineer
Location
United States
Posted
92 days ago
Salary
$110K - $135K / year
Seniority
Mid Level
Job Description
Compliance Engineer
CyberSheath
CyberSheath Services International LLC is a rapidly growing Managed Services Provider primarily focused on providing CMMC Compliance and Cybersecurity services to the Defense Industrial Base (DIB). We are excited to be expanding our staff due to our growth and are looking to add to our team! CyberSheath integrates compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and, in fact, may weaken an organization’s security posture. Our professionals advise clients where to stop spending, where to invest, and how to take what they are already doing and integrate it in a way that delivers improved security. Successful candidates for CyberSheath are self-motivated, think out of the box, work, and solve issues independently. Confident, ‘doers’ who ‘get the job done’ and strive to ‘do the right thing, even when no-one is looking’ are the types of candidates who strive in our culture. Additionally, our most successful team members are self-starters and willing to put on many hats to succeed. CyberSheath is fast-growing and seeks candidates who want to be part of our upward trajectory. The CMMC Compliance Engineer will be responsible for designing, implementing, and maintaining data protection controls that safeguard Controlled Unclassified Information (CUI) across Microsoft 365 and Azure environments in alignment with CMMC Level 2 and NIST 800-171 requirements. Key Responsibilities • Design, deploy, and manage Microsoft Purview Data Loss Prevention (DLP) policies across Exchange Online, SharePoint Online, OneDrive, Teams, and endpoint workloads. • Implement and maintain Microsoft Purview sensitivity labels, including label taxonomy, protection settings, encryption, and user experience alignment. • Configure and enforce auto-labeling and trainable classifiers to identify and protect CUI, export-controlled data, and other regulated data types. • Integrate DLP and labeling controls with Conditional Access, endpoint controls, and Defender workloads to support defense-in-depth. • Tune DLP policies to balance compliance enforcement with business usability, minimizing false positives while maintaining audit integrity. • Support audit readiness and evidence collection, including documentation of DLP configurations, labeling schemas, policy enforcement, and control mappings to NIST 800-171 and CMMC practices. • Collaborate with compliance, security operations, and engineering teams to remediate data handling gaps identified through assessments, audits, or incident response activities. Required Experience • Hands-on experience implementing Microsoft Purview DLP in regulated or compliance-driven environments. • Practical experience with sensitivity labels, encryption, content marking, and access restrictions. • Experience protecting CUI or similarly regulated data within Microsoft 365. • Strong understanding of how DLP and information protection map to CMMC Level 2 / NIST 800-171 requirements. • Experience supporting compliance audits or assessments with technical evidence and configuration artifacts. Preferred Experience • Experience in GCC or GCC High Microsoft environments. • Familiarity with Endpoint DLP, Insider Risk Management, or Information Governance features. • Experience integrating DLP with Defender for Endpoint, Microsoft Sentinel, or SOAR workflows. • Background working with DoD contractors or highly regulated industries. Work Environment - 100% Remote work environment with occasional (25%) travel to client sites CyberSheath is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, among other things, or status as a qualified individual with a disability. Budgeted Pay Range $110,000—$135,000 USD
Job Requirements
- Hands-on experience implementing Microsoft Purview DLP in regulated or compliance-driven environments.
- Practical experience with sensitivity labels, encryption, content marking, and access restrictions.
- Experience protecting CUI or similarly regulated data within Microsoft 365.
- Strong understanding of how DLP and information protection map to CMMC Level 2 / NIST 800-171 requirements.
- Experience supporting compliance audits or assessments with technical evidence and configuration artifacts.
- Preferred Experience
- Experience in GCC or GCC High Microsoft environments.
- Familiarity with Endpoint DLP, Insider Risk Management, or Information Governance features.
- Experience integrating DLP with Defender for Endpoint, Microsoft Sentinel, or SOAR workflows.
- Background working with DoD contractors or highly regulated industries.
- Work Environment
- 100% Remote work environment with occasional (25%) travel to client sites.
- Budgeted Pay Range
- $110,000 — $135,000 USD
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Compliance Specialist – Affordable Housing Experience Required
Melo AssociatesWe Focus on Customer Success and Professional Services
• Conduct audits on resident files to determine move-in eligibility according to funding restrictions. • Audits are conducted electronically via a secured web-based portal. • Some Compliance Specialists travel to conduct audits on premises at the client's location. • Training and continuing education are provided.
• Conduct customer due diligence (CDD) and enhanced due diligence (EDD) on individual and corporate clients of BTSE’s licensed entities. • Review and validate KYC/KYB documentation during onboarding and periodic reviews of clients from licensed jurisdictions. • Perform periodic reviews of higher-risk clients, ensuring documentation and risk profiles remain up to date. • Maintain clear and accurate documentation of compliance reviews and decisions in line with internal procedures. • Manage and respond to requests for information (RFIs) from internal teams and external partners. • Review and disposition transaction monitoring alerts in accordance with internal risk thresholds. • Review and disposition name screening alerts and escalate potential matches where required. • Monitor, assess, and escalate suspicious or unusual activity for further investigation. • Support investigations related to suspicious activity where required. • Assist in maintaining operational compliance procedures and case management workflows. • Support regulatory inquiries, audits, and internal compliance reviews as required. • Provide operational feedback on alert trends and potential control improvements.
• Act as BTSE Dubai’s principal contact for VARA, Central Bank of the UAE, FIU, and other relevant authorities. • Lead and manage all regulatory filings, notifications, inspections, and correspondence. • Ensure timely implementation of new or updated regulations, circulars, and guidance issued by VARA or other supervisory bodies. • Represent the firm in regulatory meetings and audits, ensuring all inquiries are addressed promptly and accurately. • Serve as the designated MLRO for the Dubai entity. • Oversee customer due diligence (CDD/KYC), transaction monitoring, sanctions screening, investigations, and suspicious transaction reporting in line with Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019. • Maintain and update the AML/CTF framework, including policies, procedures, and risk assessments tailored to the virtual asset sector. • Ensure all employees receive adequate AML/CTF and compliance training, including onboarding and annual refreshers. • Conduct periodic internal compliance reviews and testing to assess control effectiveness and recommend improvements. • Develop and maintain BTSE Dubai’s compliance policy framework, ensuring alignment with BTSE Group standards. • Provide strategic compliance and regulatory advice to management and product teams on new initiatives, business models, and partnerships. • Participate in risk committees, ensuring that compliance risks are properly identified, documented, and mitigated. • Oversee the data protection and regulatory reporting functions in collaboration with legal and risk counterparts. • Maintain detailed records of compliance monitoring activities, breaches, and remedial actions. • Prepare periodic compliance and AML reports for the Board and the Group Chief Compliance Officer. • Establish and track Key Compliance Indicators (KCIs) to measure program effectiveness. • Lead the annual review of the entity’s Risk Assessment and Compliance Monitoring Plan.
• Act as BTSE Turkiye’s principal contact for MASAK, the Central Bank of Turkey and other relevant authorities. • Lead and manage all regulatory filings, notifications, inspections, and correspondence. • Ensure timely implementation of new or updated regulations, circulars, and guidance issued by MASAK relevant to CASP operations. • Represent the firm in regulatory meetings and audits, ensuring all inquiries are addressed promptly and accurately. • Serve as the designated MLRO for the Turkiye entity. • Oversee customer due diligence (CDD/KYC), transaction monitoring, sanctions screening, investigations, and suspicious transaction reporting in line with Turkey’s AML/CFT laws. • Maintain and update the AML/CTF framework, including policies, procedures, and risk assessments tailored to the virtual asset sector. • Ensure all employees receive adequate AML/CTF and compliance training, including onboarding and annual refreshers. • Conduct periodic internal compliance reviews and testing to assess control effectiveness and recommend improvements. • Develop and maintain BTSE Turkiye’s compliance policy framework, ensuring alignment with BTSE Group standards. • Provide strategic compliance and regulatory advice to management and product teams on new initiatives, business models, and partnerships. • Participate in risk committees, ensuring that compliance risks are properly identified, documented, and mitigated. • Maintain detailed records of compliance monitoring activities, breaches, and remedial actions.
