Job Specifications
Title: Senior Cybersecurity Governance, Risk & Compliance (GRC) and Cyber Operations Specialist
Employment Type: Full-time
Location: Hybrid, 4 days per week in Washington DC
FLSA: Exempt
Position Summary
Brighton Marine and its subsidiary, the US Family Health Plan of Southern New England (USFHP), are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) and Cyber Operations Specialist to design, implement, and sustain a full CMMC Level 2–aligned cybersecurity program. Reporting to the Chief Information Officer, this role combines policy and compliance development with limited hands-on cyber operational support such as vulnerability tracking, log analysis, evidence generation, and audit readiness. The ideal candidate has significant federal cybersecurity experience, deep knowledge of CMMC Level 2 and NIST SP 800-171 requirements, and the ability to operationalize cybersecurity controls across a complex healthcare and DoD-adjacent environment.
Key Responsibilities
CMMC Governance, Risk & Compliance Program Development
Conduct full CMMC Level 2 gap assessments, including technical, documentation, and evidence requirements.
Develop or refresh the complete suite of CMMC Level 2 policies, procedures, SOPs, standards, and artifacts.
Establish and maintain evidence-generation processes, compliance workflows, and control owner mappings.
Create and maintain the CMMC compliance boundary, including enclave definitions and trust boundary diagrams.
Build or update all required cybersecurity documentation, including:
System Security Plan (SSP)
Network / data flow / trust boundary diagrams
Control implementation statements
POA&M and risk register
Incident Response Plan & playbooks
Disaster Recovery & Continuity of Operations documents
Configuration baselines and hardening guides
Audit & assessment plans
CMMC Implementation & Operationalization
Implement assigned cybersecurity controls and develop repeatable processes to achieve and maintain CMMC compliance.
Establish operational workflows to support evidence generation, logging, monitoring, MFA, RBAC, vulnerability management, and configuration management.
Integrate cybersecurity controls with IT service delivery processes (e.g., onboarding, offboarding, patch cycles).
CMMC Sustainment & Assessment Readiness
Maintain and continuously improve the CMMC Level 2 control environment.
Perform recurring control checks, evidence collection, and documentation updates.
Support annual self-assessments and external C3PAO assessments.
Maintain a live POA&M and coordinate remediation and risk mitigation efforts.
Produce quarterly risk posture reports and recurring GRC reporting.
Limited Cyber Operations Support
Track vulnerabilities, coordinate patching, and support remediation planning.
Review and analyze security logs within SIEM tools for anomalies or potential security events.
Provide triage and support for low/medium severity incidents; participate in IR exercises.
Maintain configuration baselines, control mappings, and support security change management.
Support audit and evidence binder refresh cycles.
Qualifications
Education & Experience
5+ years of experience in Federal Cybersecurity, GRC, CMMC, or NIST SP 800-171 environments.
Hands-on experience supporting DoD, DHA, VA, or other federal agencies.
Strong understanding of:
CMMC Level 2 / NIST SP 800-171
DFARS 252.204-7012
FedRAMP, C3PAO readiness, and federal compliance frameworks
Experience with:
SIEM platforms
Vulnerability management tools
Logging and monitoring systems
Incident response processes
Licensure & Certifications
CISSP (preferred)
CISM (preferred)
Security+ (preferred)
CCAK (preferred)
Other federal cybersecurity or audit certifications
Skills & Competencies
Ability to write and maintain policies, SOPs, and comprehensive security documentation.
Strong communication skills and the ability to work with technical and executive stakeholders.
Must be able to obtain U.S. Government personnel security clearance as a condition of employment.
Must comply with DFARS 252.204-7012, NIST SP 800-171, and CMMC Level 2 requirements.
Must handle, store, and protect CUI in accordance with federal requirements.
Contractor/employee systems accessing CUI must meet CMMC Level 2 requirements.
Physical Nature of the Job
Some elements of the job are sedentary, but the employee will be required to stand for periods of time or move throughout the campus.
Equal Opportunity Employer Statement
Brighton Marine is an Equal Opportunity Employer. We prohibit discrimination and harassment of any kind based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability, genetic information, protected veteran status, or any other characteristic protected by federal, state, or local law. We strongly encourage applications from veterans, transitioning service members, and individuals with disabilities. Accommodations are available upon re