Cybersecurity Compliance Analyst jobs in United States

Two Five · 1 day ago

Cybersecurity Compliance Analyst

Two Five is a cybersecurity and automation solutions firm that helps organizations operate smarter, scale faster, and grow securely. The Compliance Analyst will support managed compliance programs for defense contractors and regulated organizations, focusing on evidence collection, control validation, and audit preparation to ensure clients remain audit-ready throughout the year.

Information Technology & Services

Responsibilities

Collect and organize evidence for 110 CMMC 2.0 L2 controls across multiple client environments
Perform control testing and validation to verify implementation effectiveness
Document findings, gaps, and observations in compliance automation platforms (Drata)
Maintain evidence repositories and ensure artifacts are current and complete
Track control status and remediation progress
Update and maintain compliance documentation including policies, procedures, and security artifacts
Manage POA&M tracking and remediation status
Ensure documentation aligns with CMMC 2.0 and client-specific requirements
Organize and prepare documentation packages for audits and assessments
Keep compliance platforms (Drata) updated with current evidence and status
Serve as day-to-day point of contact for routine compliance requests
Coordinate evidence requests with client personnel
Schedule and facilitate compliance check-ins and evidence collection sessions
Respond to client questions about control requirements and evidence needs
Escalate complex issues or gaps to the Program Manager
Support mock assessments and readiness reviews
Prepare evidence packages for C3PAO assessments
Assist with audit coordination and evidence presentation
Track and document assessment findings and remediation items
Identify opportunities to streamline evidence collection and documentation
Help build templates, checklists, and standard operating procedures
Recommend automation or tooling improvements to increase efficiency
Contribute to knowledge base and internal compliance resources

Qualifications

NIST 800-171, CMMC, SOC 2, ISO 27001, Compliance management tools, Microsoft Office, Attention to detail, Organizational skills, Clear communication, Self-motivated

Required

1-3 years in compliance, risk management, audit, or related role (or strong internship/academic background)
Working knowledge of at least one compliance framework (NIST 800-171, CMMC, SOC 2, ISO 27001, or similar)
Strong attention to detail and organizational skills
Comfortable working with technical documentation and security controls
Proficiency with Microsoft Office and ability to learn compliance platforms quickly
Clear written and verbal communication skills
Self-motivated and able to manage multiple client workstreams

Preferred

Familiarity with NIST 800-171 or CMMC 2.0 requirements
Experience with compliance management tools (Drata, Vanta, OneTrust, etc.)
Understanding of GCC-High, Microsoft 365, or government cloud environments
Background in IT, cybersecurity, or information systems
Experience supporting audits or assessments
Relevant certifications (Security+, SSCP, or framework-specific credentials)

Benefits

Competitive salary commensurate with experience
In-person collaborative work environment in Washington, DC
Direct mentorship from experienced compliance practitioners
Hands-on experience with multiple compliance frameworks and real client engagements
Opportunity to grow into senior compliance or program management roles
Work with mission-focused defense contractors and government clients
Small team where you'll have visibility into all aspects of the business
Culture that values productivity, problem-solving, and continuous improvement

Company

Two Five

Two Five is a cybersecurity and automation solutions firm that helps organizations operate smarter, scale faster, and grow securely.

Funding

Current Stage
Early Stage
Company data provided by Crunchbase