Role Description We are seeking highly motivated and detail-oriented CMMC Level 2 Compliance Analysts to join our team. In this role, you will play a crucial part in guiding our partner PMEs through the complex CMMC Level 2 certification process. You will leverage your expertise in cybersecurity and compliance frameworks to review documentation, identify gaps, and provide essential guidance to ensure adherence to NIST SP 800-171 controls and CMMC requirements. This is a critical project with a significant impact on national security. Key Responsibilities: - Assist PMEs in the development and completion of their System Security Plans (SSPs). - Review PME-submitted evidence and documentation, including asset classification and boundary diagrams, to identify compliance gaps against CMMC Level 2 and NIST SP 800-171 controls. - Provide clear, actionable feedback and guidance to PMEs on interpreting complex cybersecurity controls and improving the quality and accuracy of their compliance documentation. - Collaborate with Cyber and GRC teams to streamline the SSP review process and address data accuracy issues. - Support PMEs in understanding and implementing the inheritance model for applicable controls. - Contribute to the establishment and maintenance of a monitoring and reporting framework for PME progress. - Potentially assist in developing targeted training or guidance materials to enhance PME cybersecurity expertise. - Maintain meticulous records of reviews, feedback, and PME progress. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent practical experience. - Proven experience in cybersecurity, GRC, or IT compliance roles. - Strong understanding of cybersecurity frameworks, particularly NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC) program, especially Level 2 requirements. - Experience with System Security Plans (SSPs) and their role in demonstrating compliance. - Ability to interpret and apply complex security controls and regulatory requirements. - Excellent analytical, problem-solving, and communication skills, with the ability to explain technical concepts to individuals with varying levels of cybersecurity expertise. - Detail-oriented with strong organizational skills and the ability to manage multiple tasks in a fast-paced environment. - U.S. Citizenship is required. Preferred Qualifications - Relevant certifications such as CMMC Certified Professional (CCP), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA). - Experience working with government contractors or within the Defense Industrial Base (DIB). - Familiarity with GRC software platforms. - Prior experience in a client-facing or resource augmentation role.

• Support the coordination, preparation, and delivery of regulatory submissions and lifecycle management (LCM) activities. • Assist in organizing submission team meetings (e.g., Kick-off Meetings) and follow up on agreed actions. • Coordinate, request, and track documentation from Subject Matter Experts (SMEs) to support submission readiness and timelines. • Support the preparation and maintenance of the Submission Content Plan (SCP) under the guidance of the RSC Lead. • Ensure timely dispatch of non-eCTD submission packages to LRRs and RPRs and track dispatched documentation per country. • Provide hands-on operational support for labeling activities. • Prepare annotated labeling documents for regulatory review. • Initiate and coordinate mock-up requests in the Artwork Management System. • Support change control activities related to local labeling updates. • Support the creation, maintenance, and accuracy of submission and regulatory records in regulatory systems.

• Coordinate the preparation, compilation, and submission of new drug applications and lifecycle management (LCM) activities • Coordinate closely with Regional Submission Coordinators to ensure completeness of core documentation required to support global and regional submission planning and requirements • Organize submission team meetings and facilitate effective communication among all stakeholders • Open required records in submission planning tools and Regulatory Information Management Systems • Prepare Submission Content Plans (SCP) based on country-specific regulatory requirements • Coordinate, request, and track documentation from relevant SMEs to ensure timely and complete submission readiness • Provide regular updates to the submission team on status and timelines • Draft M1 documents as required and coordinate their review • Support labeling preparation, notably in Artwork management system and change control system

Title: Risk and Compliance Analyst Location: Remote, USA Job Description: Full-time Clearance Requirement: None Company Description Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide. Job Description *This position is contingent upon award of contract* SOSi is seeking a Risk and Compliance Analyst to support mission requirements for a structured approach to further develop, integrate, and sustain a scalable, federated data ecosystem that enhances interoperability, governance, and mission-driven analytics for a DoD customer. The primary objective of the program is to bridge the operational gaps between DoD, IC, interagency, and non-traditional international partners to enable real-time information sharing, dynamic data integration, and mission-tailored analytical capabilities. Essential Job Duties: - The contractor shall ensure compliance with DoD, Intelligence Community (IC), and federal acquisition guidelines, conducting periodic risk assessments and governance reviews. - The contractor shall develop and maintain compliance tracking documentation, ensuring the program adheres to relevant security, operational, and financial regulations. - The contractor shall submit a quarterly Regulatory Compliance & Risk Assessment Report, identifying risks, compliance gaps, and corrective action plans. Qualifications - Bachelor's degree in Engineering, Information Systems, or a related field, OR Five (5) years of equivalent experience in requirements analysis. - Knowledge and capability to conduct requirements analysis, capability-based assessments, and documentation to support the transition of the program into a DoD Program of Record. - Proficient in JCIDS, requirements management tools, and stakeholder engagement to define and validate operational needs. - Strong analytical and technical writing skills. - Demonstrated experience in developing requirements documentation, conducting gap analyses, and aligning program objectives with DoD acquisition frameworks. - Experience with requirements traceability matrices, capability development documentation, and DoD governance processes is required. Preferred Qualifications: - Desirable but not required certifications include Lean Six, PMP, Certified Scrum Product Owner (CSPO), INCOSE Systems Engineering Professional, or CBAP. Additional Information Working Conditions - Off-site/Remote Working at SOSi All interested individuals will receive consideration and will not be discriminated against for any reason. SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.