Support compliance with government security requirements, conduct assessments, develop remediation plans, and document security requirements using a GRC platform.
Description
At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW.
* Job Summary
* As a Sr. Government Compliance Analyst, you will support CDW's Global Information Security organization in maintaining continuous compliance with Cybersecurity Maturity Model Certification (CMMC), NIST 800‑171, and related government security requirements. You will perform detailed technical, documentation, and evidence‑gathering activities to support assessments, audits, and system onboarding. This includes developing remediation plans, validating control execution, documenting system architectures and connections, reviewing contractual security requirements, and ensuring accurate compliance records in the GRC platform. Your work directly contributes to audit readiness, risk reduction, and the overall effectiveness of CDW's Security Risk Management program.
* What you will do:
* Work with control owners to ensure timely execution and effectiveness of controls.
* Conduct interviews for security controls and collect objective evidence for compliance assessment.
* Develop and update Operational Plan of Action (OPA) to address gaps and compliance issues.
* Remediate findings, track progress, and reassess post-remediation.
* Draft, update, and finalize System Security Plan (SSP) for systems in scope and new systems under evaluation.
* Use the GRC platform to manage controls effectiveness status, documentation, and evidence.
* Update or create policies and procedures to support compliance.
* Develop detailed architecture and data flow diagrams for all in-scope systems.
* Review and document all connections (APIs, ports, protocols, services) for in-scope systems and physical locations.
* Identify and document all external and cloud service providers associated with in-scope environments.
* Review Government contracts and RFPs to identify obligations, assess feasibility, and ensure security requirements are met before commitment.
* Independently review and revise information security clauses in customer and vendor contractual agreements to ensure compliance with company policies.
* Perform other work as assigned to support overall Security Risk Management team objectives.
* What we expect of you:
* Bachelor's degree with 5 years of experience in security risk management, audit, compliance, or related roles, including 2 years of hands-on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks, OR
* 9 years of total Information Technology experience, including 5 years of experience in security risk management, audit, compliance, or related roles, including 2 years of hands-on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks.
* Experience with SSP, documentation and remediation activities, and compliance evidence gathering.
* Experience with architecture documentation and data flow diagrams.
* Understanding of APIs, ports, protocols, and system interconnections.
* Knowledge of cloud service provider compliance requirements.
* We value experience, skills, drive, aptitude, and attitude towards university degrees and certifications.
* Strong analytical, documentation, critical thinking, and problem-solving skills.
* Strong attention to detail and ability to understand legal requirements in contracts.
* Ability to conduct interviews and communicate effectively with technical and non-technical stakeholders.
* CMMC Certified Professional (CCP), CCA, CISSP, CISA or similar compliance/security certifications, a plus.
* Master's degree, a plus.
* This role requires access to Controlled Unclassified Information (CUI), as well as information subject to U.S. export-control laws such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Under these laws and applicable data security requirements in CDW's U.S. government contracts, CDW must assess whether individuals in this role are legally permitted to access export-controlled technical data and certain categories of CUI. After CDW extends a conditional offer of employment, you will be asked to provide information and/or documentation needed to determine whether you are a "U.S. Person" as defined under ITAR (U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee) or otherwise eligible for authorized access under applicable federal regulations, including U.S. government contract requirements for restricted or export-controlled CUI and related personnel-screening obligations.
* We make technology work so people can do great things.
* CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive.
* CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.
* CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, CDW's goal is to get to know you as an applicant and understand your experience, strengths, skills, and qualifications. While AI can help you present yourself more clearly and effectively, the essence of your application should be authentically yours. To learn more, please review [CDW's AI Applicant Notice](https://www.cdwjobs.com/pages/ai-applicant-notice).
Top Skills
APIs
Cloud Service Provider Compliance
CMMC
Documentation
GRC Platform
NIST 800-171
SSP

