Practice Manager, Director, Principal (NIST/CMMC)

About The Position

Requirements

• Cyber Risk and Compliance Domain Expertise
• 5–8+ years of experience in IT security controls testing and documentation, including responsibility for managing and overseeing client control testing efforts.
• 5+ years of experience leading and coordinating external and internal audit activities, including DFARS, CMMC, NIST 800-53, or similar regulatory assessments.
• 5+ years of experience producing high-quality technical documentation, compliance deliverables, and executive-level reports.
• Services Industry experience
• 3+experience in practice leadership, including managing consultant performance, capacity planning, delivery quality, and continuous improvement of service offerings.
• Soft Skills
• Self-directed leader with a strong sense of ownership and accountability for outcomes.
• Proven ability to engage executive stakeholders, build trusted relationships, and influence decision-making.
• Exceptional communicator, able to translate complex technical and regulatory concepts into clear, actionable guidance for non-technical audiences.

Nice To Haves

• Active Lead CMMC Certified Assessor (CCA) credential; if not CCA certified, willingness to obtain.
• One or more industry certifications such as CISSP, CISM, CISA, CRISC, or equivalent.

Responsibilities

• Delivery Management
• Drive the highest levels of customer success and satisfaction by ensuring delivery excellence, client satisfaction, and clear ongoing compliance partnership.
• Oversee and govern cybersecurity compliance engagements executed by senior consultants, ensuring consistent quality, methodology, and client outcomes.
• Provide senior advisory oversight for customer programs supporting DFARS, CMMC, FedRAMP, NIST CSF and NIST SP 800-171 initiatives.
• Own engagement success by partnering with client leadership to align regulatory requirements with business goals and risk tolerance.
• Review and validate assessment approaches, control testing strategies, and evidence packages for readiness and formal certification efforts.
• Practice Development
• Build and scale practice capability through the creation of repeatable delivery processes and ongoing consultant development.
• Team Member (Employee) Development
• Advise 112Cyber’s ASCERA team on changing compliance requirements and rule interpretation to inform CMMC software development.
• Manage practice resources and capacity, aligning consultant skills and availability to active projects while balancing utilization, delivery timelines, and customer priorities.
• Formal C3PAO Assessments
• Oversee formal CMMC assessments conducted by assessment teams, ensuring adherence to C3PAO requirements, assessment methodology, and accreditation standards.
• Serve in the C3PAO QA role to ensure the effectiveness and accuracy of assessment results by validating that security measures align with CMMC practices and processes for the assigned maturity level.
• Review and approve evidence packages, including technical artifacts such as system logs, incident reports, and audit trails, to confirm compliance and defensibility of conclusions.
• Ensure consistent and unbiased assessment execution, maintaining strict objectivity and evidence-based decision making throughout the assessment lifecycle.
• Oversee assessment documentation and submission readiness for CMMC-AB, ensuring completeness, quality, and regulatory compliance across all C3PAO engagements.
• Maintain assessment integrity and consistency across the practice by enforcing standardized procedures, quality controls, and continuous improvement of the C3PAO program.

Benefits

• Competitive salary and bonus plan.
• Long-term opportunity for equity interest in company.
• Comprehensive medical, mental, and vision plans.
• 401(k) with company match.
• 30 days annual paid time off.
• Significant Training and Development and Certification attainment.
• Opportunity for long term career advancement.
• Your contributions are felt and recognized at our growing company.