Certified CMMC Assessor

About The Position

Requirements

• 7–10 years of experience in Cybersecurity, IT audit or assessments, Risk management and compliance, Information security program management.
• 3–5 years in a lead role involving assessments, audits, or compliance programs, with decision-making authority over control evaluation.
• Experience working with or within 3PAOs or accredited assessment bodies.
• Familiarity with federal frameworks such as FedRAMP.
• Familiarity with DFARS 252.204-7012 (Safeguarding) and DFARS 252.204-7021 (CMMC Requirements).
• Experience assessing complex environments (cloud, hybrid, MSPs, enclaves).
• Strong judgment and decision-making authority.
• Deep expertise in control evaluation and evidence validation.
• Ability to assess ambiguous or partially implemented controls.
• Executive-level communication and stakeholder engagement.
• High ethical standards and professional integrity.
• Must avoid conflicts of interest in accordance with applicable CMMC ecosystem expectations.

Responsibilities

• Lead formal CMMC assessments.
• Support readiness and pre-assessment advisory engagements, maintaining independence and objectivity.
• Perform assessment leadership, control evaluation, and final compliance determinations.
• Ensure adherence to the CMMC Assessment Process (CAP).
• Lead or support readiness reviews and mock assessments.
• Evaluate organizational preparedness for CMMC certification.
• Provide guidance on certification boundary definition, control implementation expectations, policy and procedure development and evaluation, and evidence sufficiency and documentation quality.
• Identify risks that may impact assessment outcomes.
• Understand technical solutions to stratify control implantation.