Quality Assurance Individual, CMMC Assessments (CCA) (0001)

OCT Consulting, LLC•McLean, VA

13h•$35 - $50•Remote

About The Position

OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology. OCT currently has an opening for a Quality Assurance Individual, CMMC Assessments (CCA) to support the build-out of OCT’s CMMC Certified Third-Party Assessment Organization (C3PAO) practice. This position provides independent quality oversight of CMMC Level 2 certification assessments and must hold an active CCA certification. The role is named alongside the assessment team in the CMMC Level 2 assessment process and is subject to the same background investigation requirement.

Requirements

Must be a U.S. Citizen.
Active Certified CMMC Assessor (CCA) certification in good standing (required for this role in addition to quality responsibilities).
Must be able to obtain and maintain a favorable Tier 3 background investigation resulting in a national security eligibility determination (this is not a security clearance and is not for the purpose of government employment). The investigation will involve a credit, fingerprint, and law enforcement agency check.
Bachelor’s degree in cybersecurity, information technology, quality management, or a related field, or equivalent professional experience.
Typically 6+ years of cybersecurity, information assurance, audit, or quality experience, including NIST SP 800-171 / CMMC.
Knowledge of ISO/IEC 17020:2012, quality management systems, and internal auditing practices.
Familiarity with NIST SP 800-171 Rev 2, NIST SP 800-171A, and 32 CFR Part 170.
Strong attention to detail, sound independent judgment, and the ability to maintain impartiality.

Nice To Haves

Certifications such as CISA, ISO 17020 / quality auditor credentials, or CISSP preferred.

Responsibilities

Provide independent quality assurance review of CMMC Level 2 certification assessments, ensuring methodology, evidence sufficiency, scoring, and determinations are consistent, complete, and defensible.
Review assessment plans, evidence packages, working papers, and final reports prior to issuance of any Certificate of CMMC Status.
Maintain and continuously improve the C3PAO quality management system in alignment with ISO/IEC 17020:2012 and Cyber AB requirements.
Verify adherence to NIST SP 800-171A assessment procedures and to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements.
Identify nonconformities, track corrective actions, and support internal audits and management reviews.
Ensure assessment records are complete and retained per policy, and support DIBCAC and Cyber AB oversight and surveillance activities.
Maintain independence from the assessment teams whose work is being reviewed in order to preserve impartiality of the quality function.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume