Full Time

Compliance Specialist

Remote
United Kingdom

Department: Security & Compliance
Reports to: Director of Compliance
Job Description
Winsor Consulting Group is seeking a detail-oriented Compliance Specialist to support the execution and delivery of client-facing compliance engagements. This role is responsible for developing structured documentation, supporting governance, risk, and compliance (GRC) initiatives, and assisting clients in achieving and maintaining CMMC and other regulatory compliance requirements.
This position is ideal for a hands-on compliance professional with experience in NIST-based frameworks who thrives in documentation rigor, CUI flow analysis, structured evidence management, and implementation support within an MSP environment. The Compliance Specialist plays a critical role in ensuring clients are audit-ready, properly scoped, and aligned with federal cybersecurity requirements.
Job Duties:
- Support CMMC Level 1 and Level 2 readiness assessments, including control validation and gap analysis.
- Conduct CUI flow discovery sessions to identify how Controlled Unclassified Information (CUI) is processed, stored, and transmitted within client environments.
- Develop and maintain formal CUI Flow Diagrams and data flow documentation aligned to defined CMMC assessment scope boundaries.
- Assist in defining CMMC assessment scope based on documented CUI flows and asset categorization.
- Develop and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), policies, standards, and structured compliance documentation.
- Assist in translating CMMC and NIST SP 800-171 requirements into actionable administrative and technical controls.
- Conduct control walkthroughs and collect objective evidence aligned to NIST SP 800-171A assessment objectives.
- Track remediation activities and support structured POA&M management through to closeout.
- Perform cross-framework control mapping for CMMC, HIPAA, and CJIS where applicable.
- Maintain compliance evidence repositories and ensure documentation accuracy, completeness, and version control.
- Collaborate with engineering teams to validate implementation of technical safeguards supporting regulatory requirements.
- Assist with third-party assessment coordination, including preparation for C3PAO engagements.
- Support client-facing meetings and provide compliance status reporting under the direction of the Director of Compliance.
- Monitor regulatory updates and assist in updating internal compliance templates and methodologies.
- Contribute to standardized compliance delivery processes and internal quality assurance efforts.
Preferred Skills:
- Strong working knowledge of CMMC 2.0 and NIST SP 800-171 requirements.
- Experience developing SSPs, POA&Ms, CUI flow diagrams, and formal security policies aligned to federal frameworks.
- Familiarity with evidence collection and documentation practices supporting audit readiness.
- Ability to perform cross-framework control mapping (CMMC ↔ HIPAA ↔ CJIS).
- Strong documentation, analytical, and organizational skills.
- Working understanding of security technologies (e.g., MFA, logging, encryption, vulnerability management) and their role in compliance.
- Ability to clearly communicate compliance requirements to technical and non-technical stakeholders.
- Experience working within an MSP or consulting environment preferred.
Experience:
- 3-7 years of experience in cybersecurity compliance, risk management, or governance.
- Direct experience supporting CMMC or NIST SP 800-171 implementations preferred.
- Experience conducting CUI flow identification and documenting system scope boundaries.
- Experience drafting and maintaining formal security documentation.
- Experience supporting external audits or regulatory assessments preferred.
- Experience supporting DoD contractors or other regulated environments highly preferred.
Preferred Certifications:
Relevant professional certifications such as CMMC RP, CCP, CompTIA Security+, CySA+, or similar foundational security certifications.

Winsor Consulting Group, LLC