CMMC Consultant

SOCBOX, Inc.
Chicago, IL
$90,000 - $110,000
Hybrid

About The Position

The focus of the CMMC Consultant is to build and maintain strategic relationships with client stakeholders while guiding defense contractors and regulated organizations through cybersecurity compliance and assessment readiness initiatives. This position is responsible for evaluating current security practices, identifying compliance gaps, and driving the implementation of cybersecurity and compliance strategies that align with client business objectives and regulatory requirements. The CMMC Consultant is fully accountable for providing compliance expertise and strategic guidance by working collaboratively with the FIT team and clients to develop, implement, and mature cybersecurity programs that support Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, Secure Controls Framework (SCF), and other applicable regulatory frameworks. This role will facilitate compliance readiness efforts, assist with remediation planning, and help clients establish sustainable security practices that improve organizational resilience and assessment outcomes. The CMMC Consultant will review security control implementation, documentation, resource utilization, and project progress to support clients efficiently while ensuring timelines, deliverables, and compliance objectives remain on track. This role requires strong consulting, communication, and organizational skills, with the ability to translate complex cybersecurity and compliance requirements into practical business solutions.

Requirements

  • Minimum 10 years of progressive experience in information technology, cybersecurity, risk management, or information security leadership.
  • At least 5 years of experience providing strategic security guidance, security program management, compliance oversight, or executive-level cybersecurity leadership.
  • At least 1 year of experience conducting CMMC readiness assessments, gap analyses, or compliance consulting aligned with DFARS 252.204-7012/7021 and NIST SP 800-171 requirements.
  • Experience managing and advising organizations with complex IT environments, including cloud platforms, hybrid infrastructure, outsourced service providers, and integrated business systems.
  • Strong knowledge of cybersecurity frameworks and regulatory requirements, such as NIST CSF, CIS Controls, ISO 27001, HIPAA, HITRUST, SOC 2, PCI-DSS, and other applicable standards.
  • Demonstrated experience communicating cybersecurity risks, strategies, and recommendations to executive leadership, boards of directors, and key stakeholders.

Nice To Haves

  • Current Cyber AB Registered Practitioner (RP) certification preferred; equivalent cybersecurity compliance certifications considered.
  • Healthcare industry experience and knowledge of healthcare regulations, including HIPAA and HITECH, preferred.
  • Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, Business Administration, or a related field preferred; Master’s degree in Cybersecurity, Information Systems, Business Administration (MBA), or a related discipline strongly preferred.
  • Relevant industry certifications such as CISSP, CISM, CRISC, CGEIT, HCISPP, or equivalent strongly preferred.

Responsibilities

  • Lead mock assessments, readiness reviews, and evidence validation activities to ensure organizations are prepared for formal compliance assessments, maintaining audit readiness scores of 80% or higher.
  • Develop, maintain, and support compliance documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), policies, procedures, and other required artifacts, ensuring milestones and deliverables are completed on time.
  • Drive a positive client experience by achieving and maintaining target Customer Satisfaction (CSAT) scores as measured through project survey feedback.
  • Build and maintain trusted advisor relationships with clients throughout their compliance readiness journey.
  • Guide defense contractors and regulated organizations in achieving and maintaining CMMC compliance and assessment readiness.
  • Conduct cybersecurity and compliance gap assessments against CMMC, NIST SP 800-171, and related frameworks.
  • Assist clients in identifying, protecting, and managing Controlled Unclassified Information (CUI) within their environments.
  • Develop and support remediation strategies, corrective action plans, and compliance roadmaps to address identified gaps.
  • Collaborate with internal and client technical teams to validate security control implementation and ensure compliance requirements are effectively met.
  • Translate complex regulatory and cybersecurity requirements into practical, actionable business and technical guidance.

Benefits

  • Health, Dental & Vision Insurance (premiums paid up to 99% for employee coverage)
  • Options include PPO, HDHP, HMO and ACO
  • Multiple carrier options
  • FSA (dependent and medical), HSA options (for qualified plans) and supplemental insurance options
  • $10,000 employer-paid Life Insurance & AD&D (employees have the option to buy up)
  • Paid holidays
  • Paid time off
  • Paid sick leave
  • Flexible “hybrid” work environment
  • Retirement plan (401K)
  • Professional training & development opportunities