Technical Cyber Advisor

*** This is a hybrid position with a minimum of three days per week on site in Hanover, MD***

The Cybersecurity Advisor (CA) specializing in Cybersecurity Maturity Model Certification (CMMC) has expert-level understanding of IT and cybersecurity landscapes, with in-depth knowledge of the CMMC framework, including its requirements, processes, and implementation strategies. The Cyber Advisor will lead client organization’s efforts to achieve and maintain CMMC compliance with current and future standards. The Cyber Advisor will serve as a trusted cybersecurity resource to both technical and non-technical stakeholders and can advise on wide-ranging cyber security topics, including cyber threats, technologies, and best practices, enhancing the organization's overall cybersecurity posture.

Qualified candidates should have a strong technical background (ex, systems, networks, cloud, etc.) in addition to vulnerability analysis, incident reporting, security standards, policy, and training content delivery.

The Cybersecurity Advisor may also conduct classroom and/or webinar instruction in the theory & execution of cyber security best practices to small and medium size business operators. The Advisor will work as part of a team to develop and refine cyber courseware.

• Provide expert advice on a wide range of cybersecurity issues, including risk analysis, incident management, compliance, and security architecture.
• Develop and implement cybersecurity strategies tailored to the specific needs and risk profile of the organization.
• Lead client organization’s CMMC certification process, from initial assessment to final certification and continuous monitoring.
• Develop and implement a CMMC compliance roadmap, including timelines, resource allocation, and key milestones.
• Lead compliance and security assessments with various cybersecurity frameworks and standards, including CMMC, ISO 27001, NIST 800-171, NIST CSF, ISO 9001, and FedRAMP.
• Act as the primary point of contact for all cyber compliance-related matters, liaising with senior management, external auditors, and other relevant parties.
• Develop and implement cybersecurity strategies tailored to the specific needs and risk profile of the organization.

• Interpret and apply appropriate cyber-related framework requirements to the organization's systems, processes, and policies as applicable.
• Collaborate with IT, security, and operational teams to implement necessary controls and measures to achieve the required compliance with frameworks and policies, including CMMC.

• Conduct comprehensive gap analyses to identify deficiencies in current security practices relative to applicable cybersecurity requirements.
• Develop and manage Plan of Action and Milestones (POA&Ms) to address identified gaps, ensuring timely and effective implementation of corrective actions.

• Create and maintain policies, procedures, and documentation required for security compliance, including System Security Plans (SSP).
• Ensure all relevant stakeholders are informed of and adhere to these policies and procedures.

• Work with Instructional System Design teams to create and deliver cybersecurity and awareness training to educate clients and employees on cybersecurity requirements, security policies, and best practices.
• Conduct tabletop exercises to ensure organizational readiness in the event of a security breach.
• Promote a culture of security awareness throughout the organization, emphasizing the importance of compliance.

• Plan and conduct audits to evaluate the effectiveness of security controls and compliance.
• Prepare for and support external audits conducted by certified third-party assessors (e.g., C3
  
  PAOs).

• Implement continuous monitoring processes to ensure ongoing compliance with CMMC and other relevant security standards.
• Regularly review and update security measures, policies, and procedures to reflect changes in the relevant cybersecurity framework or organizational needs.