Lead Certified CMMC Assessor; CCA Hybrid - onsite

Job Title: Lead Certified CMMC Assessor (CCA)
Location:
Silver Spring, MD (Hybrid, 1-day onsite)
Clearance Required: None
Salary Range: $120K-$150K
Final date to receive applications: March 31, 2026

To apply, please follow these steps:

• Visit .
• Select the position you are interested in.
• Review the job details, then click Apply Now.
• Complete and submit your application.

Description

IBSS is seeking a Lead Certified CMMC Assessor (CCA) to serve as the cornerstone of our CMMC initiatives. This is a high-visibility leadership role requiring a rare blend of technical expertise, regulatory precision, and emotional intelligence. You will not be just checking boxes; you will be navigating the complexities of the CMMC Assessment Process (CAP) while ensuring our clients, and our internal team, are prepared for the rigors of CMMC compliance.

You will act as the primary authority for formal C3

PAO assessments, making critical determinations on practice implementation while maintaining the highest ethical standards to prevent conflicts of interest. When not leading formal assessments, you will leverage your expertise to help small-to-mid-sized defense contractors translate complex NIST 800-171 requirements into sustainable business operations.

We are looking for a professional who possesses strong interpretive judgment. You can evaluate diverse technical architectures and confidently determine if they satisfy CMMC requirements. You will serve as a "Teacher-Leader" who excels at clarifying complex requirements for clients and colleagues alike. As an added bonus, IBSS is the perfect home for your career if you value a culture that prioritizes volunteerism and community impact.

Key Responsibilities:

• Lead Formal Assessments: Serve as the Assessment Team Leader for CMMC Level 2 assessments; manage the end-to-end assessment lifecycle in accordance with the CMMC Assessment Process (CAP).

• Quality & Ethics Oversight: Ensure all assessment activities strictly adhere to the Cyber AB Code of Professional Conduct and maintain rigorous protocols to prevent conflicts of interest between consulting and assessment clients.

• Evidence Validation: Review and validate complex evidence provided by Organizations Seeking Certification (OSCs) to determine practice implementation and meta-data sufficiency.

• Reporting: Author and certify Final Assessment Reports (FAR) and ensure all findings are accurately uploaded into the CMMC Enterprise Mission Assurance Support Service (eMASS).

• Pre-Assessment Coaching: Lead non-assessment clients through gap analyses, readiness reviews, and documentation development (e.g., SSPs and POA&Ms).

• Framework Mapping: Translate complex NIST SP 800-171 requirements into actionable business processes for diverse client environments.

• Artifact Orchestration: Assist clients in building robust Evidence Packages that tell a clear story of compliance to an external C3
  
  PAO.

Required Skills /Education/ Certifications & Qualifications:

• Demonstrated Lead Assessor History: Minimum of six (6) years of experience specifically performing and leading formal cybersecurity assessments against high-assurance frameworks (e.g., NIST SP 800-53, 800-171, FedRAMP, or ISO 27001).

• Assessment Methodology: Deep familiarity with the CMMC Assessment Process (CAP) and the NIST SP 800-171A assessment objectives.

• Interpretive Judgment: Proven ability to evaluate diverse technical architectures (on-prem, GCC High, hybrid) and determine if they satisfy regulatory objectives.

• Certified CMMC Assessor (CCA): Must hold a current, valid CCA certification from the Cyber AB.

• Certified CMMC Professional (CCP): Must have successfully completed the CCP prerequisite.

• Baseline Certification: Must maintain at least one DoD-approved baseline certification (i.e., CISA, CISM, or CISSP).

• Career Tenure: At least ten (10) years in cybersecurity GRC, IT audit, or compliance program support.

• Education: Bachelor's degree…