
CMMC Compliance Consultant
Posted Jun 21

This is a fully remote position, open to applicants in California.
• Lead and perform CMMC Level 2 gap assessments across all 110 practices outlined in NIST SP 800-171 Rev 2, spanning the 14 control domains.
• Carry out readiness reviews and present findings along with prioritized remediation roadmaps.
• Develop and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), policies, procedures, and implementation narratives utilizing the NIST SP 800-171A examine, test, and interview methodology.
• Create CMMC-specific network diagrams, data flow diagrams, and Controlled Unclassified Information (CUI) boundary documentation.
• Assess client environments related to CUI systems, including Microsoft 365 GCC and GCC High, Intune, Microsoft Defender for Endpoint, and specialized platforms like PreVeil.
• Act as the primary technical liaison for assigned Defense Industrial Base (DIB) accounts throughout the compliance lifecycle.
• Conduct interviews with client personnel to verify controls and collect evidence, while delivering status updates and executive summaries with precision.
• Ensure data accuracy within the Governance, Risk, and Compliance (GRC) platform (such as IntelliGRC) for managing SSPs, tracking POA&Ms, and handling evidence documentation.
• Enhance internal CMMC methodologies, templates, and tools; mentor junior consultants; and monitor updates on CMMC Program regulations (32 CFR Part 170, DFARS 252.204-7021) and Cyber AB guidance to maintain practice relevance.
• Valid CMMC Certified Professional (CCP) credential in good standing with the Cyber AB.
• Valid CMMC Certified Assessor (CCA) credential in good standing with the Cyber AB.
• At least 5 years of progressive IT experience, with a minimum of 2 years dedicated to cybersecurity.
• At least 1 year of direct experience in CMMC, DFARS 252.204-7012/7021, NIST SP 800-171, or other compliance consulting roles.
• Proven expertise in scoping CUI environments and implementing NIST SP 800-171 Rev 2 across all 14 control families.
• Practical experience with Microsoft 365 Commercial, GCC, and/or GCC High environments in the context of CMMC compliance.
• Familiarity with Azure Sentinel, Microsoft Defender for Endpoint (MDE), and Intune within CMMC-focused environments.
• Strong skills in drafting SSP implementation narratives, assessment procedures aligned with NIST 800-171A, and POA&M documentation.
• Knowledge of FedRAMP Moderate authorization requirements and cloud service provider boundary scoping.
• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Opportunities for professional growth and career advancement.
• Competitive compensation and comprehensive benefits package.
• Flexible work schedules and remote work options.
• Access to ongoing training and development resources.
• Collaborative and supportive work environment.
KlearNow
InfoDefense
Private Label Staff