CMMC / NIST Consultant / Analyst

About The Position

Requirements

• 3-5 years of relevant experience in GRC, cybersecurity compliance, or related consulting work
• Hands-on experience with CMMC-related work (Required)
• Experience working with SSPs, policies, procedures, evidence collection, and remediation documentation (Required)
• Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP
• Strong writing and documentation skills
• Ability to work independently in a remote environment
• Strong organization, follow-through, and professionalism in client-facing work
• Comfort stepping into active projects and supporting delivery work with minimal hand-holding
• Authorized to work in the U.S.
• Able to pass a background check
• Reliable high-speed internet and a secure remote work setup

Nice To Haves

• Experience supporting CMMC Level 2 efforts
• Experience with CUI scoping, enclaves, or boundary discussions
• Familiarity with POA&Ms, assessment readiness, and control crosswalks
• Certifications such as CCP, CCA, CISSP, CISM, or CISA

Responsibilities

• Support client engagements related to CMMC readiness, implementation, and documentation
• Develop, update, and maintain System Security Plans (SSPs)
• Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
• Gather, organize, and review evidence supporting control implementation
• Draft and refine control narratives, policies, procedures, and related compliance documentation
• Identify gaps and support development of POA&Ms and remediation tracking
• Work with client stakeholders to collect information, validate details, and keep deliverables moving
• Contribute to readiness efforts tied to assessments, documentation, and ongoing compliance activities