Data Compliance Analyst (CMMC) at International Marine and Industrial Applicators, LLC

IMIA,LLC is the only national marine surface preparation painting contractor servicing every U.S. Port with a mobile full time workforce that ensures that a quality product is delivered on time every time. IMIA, LLC has the equipment, seasoned deckplate supervision and mechanics, as well as rigorous corporate safety and quality programs and financial strength to support our customer's preservation needs in a truly superior and comprehensive fashion.
IMIA, LLC offers a comprehensive benefit package to eligible employees. Eligible employees may enroll in:
•Health

•Dental

•Vision

•Life

•LTD

•Accident

•Critical Illness

•401k
Employees and their household members are also eligible to participate in the company's Employee Assistance Program.
Per Diem OR Dislocation Allowance may be provided to eligible employees to reimburse some or all of the cost an employee might be reasonably expected to incur for lodging, meals, and incidental expenses while traveling out of town for work.

IMIA, LLC is an equal opportunity employer and provides equal employment opportunities (EEO) to all employees regardless of race, color, religion, gender, gender identity or expression, national origin, sexual orientation, age, sex, disability status, marital status, status as a covered veteran, genetics, or any other protected groups under state, federal or local Equal Opportunity Laws. This policy applies to all terms and conditions of employment including but not limited to hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation, and training.

Armada Parent Inc., the parent entity to IMIA, LLC, is seeking a Data Compliance Analyst (CMMC). The person in this role will collaborate with various stakeholders including IT, HR, Legal, Security and business units to ensure continuous compliance with NIST SP 800-171 and similar standards required for the storage and protection of Sensitive Information on Non-Federal systems.

TITLE: Data Compliance Analyst (CMMC)

LOCATION: This role will be headquartered in VA. This position can be remote from anywhere in the US

REPORTS TO: Director of Security

FLSA STATUS: Non-Exempt

FT / PT STATUS: Full Time

SUMMARY

The Data Compliance Analyst (CMMC) ensures that organizational data practices comply with internal policies, industry standards, and regulatory requirements. This role involves monitoring data usage, assisting in the categorization of data, conducting internal audits for compliance with data protection and data privacy standards, assessing data-related risks, and collaborating with cross-functional teams including but not limited to IT, Security, HR, and business units to implement appropriate data protection and data privacy strategies. The analyst plays a critical role in the company’s efforts to safeguard sensitive information and maintain the integrity of data governance policies and industry-standard security control frameworks, such as those governing data classification and access management

The Data Compliance Analyst CMMC)’s primary focus is on continuous compliance related to CMMC requirements including the adherence to NIST SP 800-171.

ESSENTIAL DUTIES & RESPONSIBILITIES

• Compliance Monitoring & Auditing
  • Perform continuous compliance monitoring against CMMC Level 1 and Level 2 requirements, including periodic checks of implemented practices and supporting evidence.

• Plan and execute internal assessments (self-assessments) of selected security controls, systems, and processes to verify alignment with contractual and regulatory requirements (e.g., FAR/DFARS and applicable flow-downs).
• Review access provisioning and changes for environments that store, process, or transmit FCI/CUI; validate least privilege and proper authorization documentation.
• Track audit observations and nonconformities, validate corrective actions, and perform follow-up testing to confirm effective remediation.
• Support external assessments by coordinating evidence collection, facilitating assessor requests, and ensuring timely responses to audit inquiries.

• Policy Development & Enforcement
  • Draft, update, and maintain data safeguarding policies, standards, and procedures aligned to CMMC L1/L2, NIST 800-171 practices (where applicable), and contractual requirements.
  • Translate compliance requirements into actionable controls and operational guidance for IT, Security, and business teams (e.g., access control, media protection, incident reporting, configuration and change control).
  • Support policy rollout by coordinating approvals, publishing updates, and ensuring policies are communicated, acknowledged, and followed across the enterprise.
  • Monitor compliance with policies and standards; document exceptions and work with stakeholders to implement compensating controls or remediation plans.
• Risk Assessment & Mitigation
  • Identify, assess, and document compliance risks related to FCI/CUI handling, system boundaries, access, storage locations, and third-party/vendor services.
  • Maintain and track Plans of Action & Milestones (POA&Ms), including owners, due dates, milestones, and evidence of closure.
  • Partner with IT/Security to evaluate vulnerabilities, incidents, and control gaps; recommend mitigations and validate that changes reduce risk without introducing compliance issues.
  • Participate in risk assessments for new tools, systems, or processes that may introduce or expand FCI/CUI exposure.
• Training & Awareness
  • Develop and deliver role-based guidance for personnel who handle or may encounter FCI/CUI, including secure handling, marking, storage, transmission, and reporting requirements.
  • Coordinate recurring compliance awareness activities (e.g., annual training, targeted refreshers, and communications tied to policy changes or audit findings).
  • Promote a culture of compliance by advising teams on “how to do it right” and helping resolve day-to-day questions regarding data safeguarding controls.
• Documentation & Reporting
  • Maintain CMMC audit-ready documentation, including evidence repositories, control implementation narratives, and traceability between requirements, procedures, and artifacts.
  • Maintain and update the company’s Data Security Plan (DSP), System Security Plans (SSPs), and related continuous-compliance records for CMMC Level 1 and Level 2 readiness.
  • Maintain compliance trackers and metrics (e.g., assessment schedules, findings, POA&Ms, evidence aging) and provide status reporting to leadership.
  • Support change management by performing data impact analyses to identify FCI/CUI touchpoints and required control updates before changes are implemented.
  • Prepare compliance reports and responses for internal stakeholders, customers, and auditors/regulators as needed.
• Collaboration & Support
  • Partner with IT, Security, HR, Legal, Contracts, and business units to implement and sustain data safeguarding controls across people, process, and technology.
  • Coordinate with system owners and data custodians to define and maintain system boundaries, data flows, and authorized repositories for FCI/CUI.
  • Provide day-to-day compliance support by answering questions, reviewing proposed solutions for compliance impact, and escalating concerns or risks.
  • Support vendor/third-party compliance efforts by collecting required documentation and coordinating risk reviews for suppliers with access to company data or systems.
• Perform other related duties as assigned.

SUPERVISORY RESPONSIBILITY

• None

KNOWLEDGE, SKILLS, ABILITIES & ATTRIBUTES

• Excellent knowledge of data classification, categorization, and protection standards.
• Strong analytical and problem-solving skills.
• Ability to interpret and apply federal regulations and standards.
• Effective communication and training skills.
• Familiarity with GRC (Governance, Risk, and Compliance) tools.
• Proficiency in Microsoft 365, SharePoint, and other secure collaboration platforms.
• Familiarity with Access Control procedures related to Physical Security.

EDUCATION AND EXPERIENCE

• Bachelors degree in Information Systems, Data Management, or a related field; or relevant experience in lieu of degree.
• 3-6 years of experience in data compliance, data governance, risk management, or information technologies.
• Understanding of data protection and data privacy laws and regulations tied to storing sensitive information (e.g. PII, PHI, FCI, CUI, CTI, CDI, etc.) on non-Federal systems including CMMC-related rules and requirements.

WORKING CONDITIONS / PHYSICAL REQUIREMENTS

• Most work is conducted indoors in an office environment, remote work available with Manager approval
• Must be able to sit for prolonged periods of time at a desk; must be able to view computer screen for prolonged periods of time; must be able to enter data using keyboard accurately and efficiently
• Must be able to communicate effectively via phone and email with personnel at remote job sites
• Must be able to lift, carry, push, pull up to 10 pounds at times on an infrequent basis.
• Standard business hours, with occasional changes to meet deadlines ot support audits
• Occasional travel required to support on-site audits and other compliance activities

EQUIPMENT USED

• Physical: Computers, laptops, tablets, cellphones, and peripheral devices (e.g., copiers, scanners, printers, etc.).
• Software: Microsoft 365 (Outlook, Word, Excel, PowerPoint), Mocrosoft Teams, Sharepoint, SQL Server and Microsoft Access

*This is a general list and is not all inclusive.

REASONABLE ACCOMMODATIONS

• Accommodations may be made to enable qualified individuals with disabilities to perform essential job functions