Lead Consultant - CMMC Cybersecurity Assessor

Description & Requirements

The IT Risk & Compliance team helps organizations manage IT governance, cybersecurity, and regulatory compliance across industries. With expertise in frameworks like CMMC, NIST, and ISO 27001, they offer services including IT audits, risk assessments, ransomware simulations, and control testing. Their tailored strategies ensure data security, regulatory alignment, and operational continuity—empowering clients to navigate today's complex digital risk landscape with confidence.

• Conduct information security risk and compliance assessments aligned with federal and government‑mandated cybersecurity frameworks, including CMMC, NIST SP 800‑171, NIST SP 800‑53, FedRAMP/State
  
  RAMP, and the NIST Cybersecurity Framework.
• Evaluate IT environments to identify compliance gaps and vulnerabilities; document findings with clear reporting, proof‑of‑concept, and actionable recommendations.
• Lead and perform assessments based on NIST SP 800‑171 to support CMMC Level 2 certification readiness.
• Collaborate with consulting teams serving large enterprise clients across various industries.
• Assist organizations in defining system boundaries for in‑scope environments.
• Support clients in developing documentation such as System Security Plans (SSPs), policies and procedures, strategic plans, and Plans of Action and Milestones (POA&Ms).
• Design and implement solutions—tools, processes, and data flows—to meet compliance requirements and reduce cybersecurity risk.
• Manage multiple concurrent projects, ensuring timely delivery and adherence to budget constraints.
• Contribute to the development of new strategic service offerings in federal cybersecurity compliance; build solution roadmaps and mentor junior team members.

• Associate's Degree in Cybersecurity, Management Information Systems (MIS), Computer Science, or a related field; or a minimum of six years of relevant experience.
• 4+ years of relevant experience in cybersecurity, IT audit, or governance, risk, and compliance.
• Experience in a minimum of 1 of the following frameworks:
• NIST Cybersecurity Framework (CSF)
• Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800‑171
• Payment Card Industry Data Security Standard (PCI DSS) / ISO 27001 / 27002
• FedRAMP / StateRAMP
• FISMA and NIST SP 800‑53 / CIS Critical Security Controls
• Experience providing consulting, assessment, or implementation services associated with federal cyber compliance frameworks, including NIST 800‑171, FISMA, or FedRAMP.
• Working knowledge of cyber risk management frameworks (CMMC / NIST 800‑171, FISMA, FedRAMP, NIST Cybersecurity Framework, NIST SP 800‑53).
• General knowledge of common compliance frameworks (PCI DSS, ISO 27001, HIPAA/HITRUST).
• Proficiency in Microsoft Office Suite.
• CMMC Certified Assessor (CCA) credential.

• Bachelor's Degree in Cybersecurity, MIS, Computer Science, or a relevant field.
• Professional services or consulting experience.
• Current and valid cybersecurity and/or privacy‑related certification(s), including but not limited to the following: CISSP, CISA, CISM, QSA, and CIPP.