CMMC Consultant

About the Role 

CMMC Consultants are leaders in NIST cybersecurity framework who perform assessments for cloud computing technologies in meeting US federal compliance. In this role you will become familiar with the DOD Cybersecurity Maturity Model Certification (CMMC), and become trained and certified by A-LIGN to perform CMMC assessments as a CMMC Certified Professional 

Success in this position, requires a strong understanding of IT security-related system controls and of the various testing methods used to ascertain control effectiveness. You will work in a team atmosphere with an experienced Manager, and you’ll be assigned technical engagements to support and ensure client-ready deliverables are provided. 

Reports to: Managing Consultant Pay Classification: Full-Time  Responsibilities 

• Perform audit testing in accordance with NIST SP 800-171, CMMC Level 1 and Level 2 Assessment Guide, and other authoritative IT security guidance
• Validate information system security plans to ensure NIST control requirements are met
• Assist in development of Security Authorization Packages and ensure completeness and compliance with CMMC requirements and other authoritative IT security guidance
• Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work
• Prepare agendas (e.g. planning, fieldwork, closing, etc.) and request lists
• Lead client meetings and maintain client relationships
• Monitor evidence collection process
• Review evidence and provide feedback to clients
• Address and respond to client questions
• Document evidence in supporting audit leadsheets and workbooks
• Communicate engagement status to management, including escalating any potential issues 

Minimum Qualifications 

EDUCATION 

• Bachelor’s degree in management information systems, information security, computer science, or relevant discipline; or combination of relevant education and work experience
• Master’s degree is a plus 

EXPERIENCE 

• 2-3 years of experience in information security or compliance, preferably with the Big 4 or a mid-tier consulting firm
• Familiarity with any of the following Security Frameworks (NIST, ISO, COBIT, HIPAA/HITECH, etc.) required
• Experience with US government compliance, including FISMA, FedRAMP, RMF, and CSF preferred 

CERTIFICATIONS 

• Working towards any of the following: CMMC CCP, CISA, CISSP, or other relevant certifications (e.g. CIPT, CCSK, etc.). 

SKILLS 

• Ability to meet deadlines with a high degree of motivation working in a fast-paced environment
• Ability to lead multiple assessment engagements  
• Excellent communication skills to include the ability to explain technical matters to a non-technical audience
• Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle 

About A-LIGN 

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.

Come Work for A-LIGN!

Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn. 
A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply!

The personal data you provide to us is processed by A-LIGN Bulgaria. Your personal data is shared with employees of A-LIGN, and the candidate data retention period is 6 months. You have the right to obtain information about the processing of your personal data. In addition, you have the right to correct, to block, and to delete your data in accordance with the local laws and regulations. For more information you can visit A-LIGN’s Privacy Policy.