CMMC / NIST Consultant, Analyst

📋 Description

• Assist clients in their engagements concerning CMMC readiness, implementation, and documentation.

• Create, update, and sustain System Security Plans.

• Support documentation efforts for NIST SP 800-171, NIST SP 800-53, and FedRAMP, including control mapping and other related deliverables.

• Collect, organize, and examine evidence that substantiates control implementation.

• Aid in discussions regarding CUI scoping, boundary definitions, and enclave designs.

• Compose and enhance control narratives, policies, procedures, and other compliance documentation.

• Detect gaps and assist in the development of POA&Ms along with tracking remediation efforts.

• Collaborate directly with client stakeholders to gather information, validate details, and ensure the timely progress of deliverables.

• Contribute to readiness initiatives linked to assessments, documentation, and ongoing compliance processes.

• Engage in peer reviews of deliverables prior to client submission — your work will undergo review, and you will review the contributions of others.

⛳️ Requirements

• 3 to 5 years of pertinent experience in GRC, cybersecurity compliance, or related consulting roles.

• Practical experience with CMMC-related tasks is essential — this is a requirement, not just a preference.

• Direct involvement in the development or contribution to System Security Plans, evidence collection, remediation documentation, and compliance policies is also necessary.

• Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP guidelines.

• Excellent writing and documentation abilities — your deliverables must be clear, precise, and require minimal editing before reaching clients.

• Capability to engage directly with client stakeholders, gather information, manage follow-through, and facilitate workflow.

• Strong organizational skills and professionalism in a client-facing setting.

• Comfort in joining projects that are already in progress and contributing independently with little ramp-up time.

• A proactive approach to communication — you keep the team updated, respond promptly, and do not leave deliverables or clients unattended.

• Experience in supporting CMMC Level 2 initiatives, CUI scoping, enclaves, or boundary discussions is a significant advantage.

• Familiarity with POA&Ms, assessment readiness, and control crosswalks is also appreciated.

• Active certifications such as CCP, CCA, CISSP, CISM, or CISA are preferred. If you do not currently possess a relevant certification, we expect you to be actively working towards one.

• Permanent authorization to work in the U.S. is required — no sponsorship of any kind, either now or in the future.

• Must be able to pass a background check.

🏝️ Benefits

• Reliable high-speed internet and a secure, private remote workspace.