CMMC GRC Consultant

Remote - USFull-TimeMiddle

Salary95000 - 145000 USD per year

Apply NowOpens the employer's application page

Job Details

3+ years of experience in cybersecurity compliance, GRC, or IT audit roles.
Direct experience with NIST SP 800-171 and/or the CMMC framework.
Experience writing System Security Plans (SSPs), POA&Ms, and compliance documentation for federal contractors or defense industrial base (DIB) organizations.
Experience conducting gap assessments or security assessments against a recognized framework (NIST 800-171, NIST 800-53, FedRAMP, ISO 27001, or similar).
Working knowledge of Microsoft 365 and Azure at a conceptual level.
CMMC Certified Professional (CCP) - Required at hire or within 6 months.
CMMC Certified Assessor (CCA) - Strongly preferred at hire, required within 12 months.
CMMC Registered Practitioner (RP) - Accepted as starting credential if pursuing CCP/CCA on defined timeline.

Lead initial client scoping engagements: identify people, processes, and assets that interact with CUI and FCI.
Determine enclave architecture recommendations in collaboration with Security Engineers.
Conduct comprehensive gap assessments against all 320 objectives across 110 controls of NIST SP 800-171 Rev 2.
Create detailed Plans of Action and Milestones (POA&Ms) from gap assessment findings.
Translate gap assessment findings into specific, actionable remediation tasks mapped to Azure/M365 components.
Develop and maintain System Security Plans (SSPs) documenting all 110 controls.
Create and maintain the full CMMC compliance policy library.
Manage the evidence collection process.
Conduct internal readiness reviews and mock assessments prior to C3PAO engagement.
Support clients during C3PAO Level 2 assessments.
Manage 4-7 concurrent client engagements at various stages of the CMMC lifecycle.
Train client staff on security policies, acceptable use, CUI handling procedures, and incident reporting obligations.

View Full Description & ApplyYou'll be redirected to the employer's site