Job Opening:

CMMC Consultant

About the Role

CMMC Consultants are leaders in NIST cybersecurity framework who perform assessments for cloud computing technologies in meeting US federal compliance. In this role you will become familiar with the DOD Cybersecurity Maturity Model Certification (CMMC), and become trained and certified by A-LIGN to perform CMMC assessments as a CMMC Certified Professional

Success in this position, requires a strong understanding of IT security-related system controls and of the various testing methods used to ascertain control effectiveness. You will work in a team atmosphere with an experienced Manager, and you’ll be assigned technical engagements to support and ensure client-ready deliverables are provided.

Reports to: Managing Consultant

Pay Classification: Full-Time

Responsibilities

Perform audit testing in accordance with NIST SP 800-171, CMMC Level 1 and Level 2 Assessment Guide, and other authoritative IT security guidance
Validate information system security plans to ensure NIST control requirements are met
Assist in development of Security Authorization Packages and ensure completeness and compliance with CMMC requirements and other authoritative IT security guidance
Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work
Prepare agendas (e.g. planning, fieldwork, closing, etc.) and request lists
Lead client meetings and maintain client relationships
Monitor evidence collection process
Review evidence and provide feedback to clients
Address and respond to client questions
Document evidence in supporting audit leadsheets and workbooks
Communicate engagement status to management, including escalating any potential issues

Minimum Qualifications

EDUCATION

Bachelor’s degree in management information systems, information security, computer science, or relevant discipline; or combination of relevant education and work experience
Master’s degree is a plus

EXPERIENCE

2-3 years of experience in information security or compliance, preferably with the Big 4 or a mid-tier consulting firm
Familiarity with any of the following Security Frameworks (NIST, ISO, COBIT, HIPAA/HITECH, etc.) required
Experience with US government compliance, including FISMA, FedRAMP, RMF, and CSF preferred

CERTIFICATIONS

Working towards any of the following: CMMC CCP, CISA, CISSP, or other relevant certifications (e.g. CIPT, CCSK, etc.).

SKILLS

Ability to meet deadlines with a high degree of motivation working in a fast-paced environment
Ability to lead multiple assessment engagements
Excellent communication skills to include the ability to explain technical matters to a non-technical audience
Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle

Benefits

Generous Paid Time Off Plan
Virtual Employment
Employer Paid Life Insurance and Disability Insurance
Paid Office Closure December 25-January 1
Paid Holidays Schedule
Certification Reimbursement

About A-LIGN

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com

Come Work for A-LIGN!

Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn

A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply

What is SOC 2? Complete Guide to SOC 2 Reports and Compliance

Menlo Security reduces evidence collection time by 60% with consolidated audit approach

ISO 42001 Checklist – Prepare for AI Compliance

CMMC Buyer’s Guide: How To Choose a C3PAO