CMMC Certified Assesor (CCA)

Insight Assurance

1d•Remote

About The Position

We are seeking a highly qualified CMMC Certified Assessor (CCA) to lead and execute cybersecurity compliance assessments for defense contractors and suppliers handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The ideal candidate will possess deep knowledge of the Cybersecurity Maturity Model Certification (CMMC) 2.0, NIST SP 800-171, and DFARS 252.204-7012 requirements. This role will be responsible for conducting readiness assessments, formal CMMC evaluations, and remediation support for clients across the Defense Industrial Base (DIB). The assessor will play a key role in helping organizations achieve and maintain compliance with DoD cybersecurity requirements.

Requirements

Active CMMC Certified Assessor (CCA) credential issued by The Cyber AB (Cyber Accreditation Body).
CCP-level candidates currently progressing toward CCA may be considered for certain roles.
U.S. Citizenship (required for DoD-related engagements).
5+ years of professional experience in cybersecurity, compliance, or audit within regulated or defense-related environments.
In-depth understanding of CMMC 2.0, NIST SP 800-171/172, and DFARS 252.204-7012/7019/7020 requirements.
Proven experience conducting technical security assessments, gap analyses, and compliance reviews.
Strong analytical, organizational, and written communication skills.
Ability to manage multiple concurrent assessments and client engagements independently.

Nice To Haves

Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related discipline (or equivalent work experience).
Additional certifications such as CISSP, CISM, CISA, CAP, or Security+.
Experience working for or with a Certified Third-Party Assessment Organization (C3PAO).
Familiarity with government cloud environments (e.g., Microsoft GCC High, AWS GovCloud).
Active or previously held DoD security clearance (Tier 3 or above).

Responsibilities

Lead and/or participate as a CMMC Certified Assessor (CCA) in official CMMC assessments and readiness reviews for Level 1 and Level 2 certifications under CMMC 2.0.
Perform gap analyses comparing client environments against CMMC, NIST SP 800-171/172, and other relevant frameworks.
Review, validate, and document compliance artifacts including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), security policies, and technical evidence.
Conduct stakeholder interviews, review control implementations, and determine compliance status for required practices and processes.
Provide detailed assessment reports, identifying findings, risks, and actionable recommendations for remediation.
Collaborate with client teams (IT, InfoSec, Risk, Audit) to build and execute remediation plans that support certification readiness.
Stay current with evolving DoD cybersecurity requirements, CMMC 2.0 program updates, and related standards (e.g., NIST CSF, ISO 27001).
Communicate assessment results effectively to technical and executive audiences, including C-suite and compliance leadership.
Mentor junior team members and contribute to continuous improvement of the company’s CMMC assessment methodology and templates.