CMMC Cyber Professional

AG Grace Inc. is a cybersecurity and compliance consulting firm specializing in CMMC 2.0 readiness NIST 800-171 compliance DFARS 252.204-7012/7019/7020 advisory and defense-sector cyber risk management. We partner with clients across aerospace defense manufacturing software and healthcare to build resilient audit-ready programs that align with DoD requirements and industry best practices.

The CMMC Certified Professional (CCP) will serve as a hands-on compliance assessor advisor and project lead supporting our CMMC 2.0 readiness engagements. This role bridges technical cybersecurity knowledge and compliance interpretation guiding clients through scoping gap assessment remediation and readiness for C3PAO certification.

The ideal candidate has a strong grasp of NIST SP 800-171 CMMC Level 1 2 controls and experience with both technical controls and governance documentation (SSP POA&M policies). Youll work closely with vCISOs engineers and client stakeholders to deliver measurable compliance outcomes.

• Conduct CMMC 2.0 Gap Assessments and readiness reviews for client environments across diverse industries.

• Interpret and apply CMMC and NIST SP 800-171 controls to assess compliance posture and identify gaps.

• Assist in defining system boundaries data flow diagrams and in-scope assets for FCI/CUI.

• Draft or refine key compliance documents including:

  • System Security Plans (SSP)

  • Plans of Action and Milestones (POA&M)

  • Security policies standards and procedures

  • Risk assessments and evidence artifacts

• Support remediation and implementation of both technical and administrative controls.

• Work directly with client technical teams to validate control implementation (MFA logging EDR encryption patching backups etc.).

• Prepare clients for mock assessments and C3PAO audits including interview coaching and artifact validation.

• Maintain up-to-date knowledge of CMMC DFARS NIST FedRAMP FIPS and DoD cybersecurity developments.

• Contribute to continuous improvement of AG Graces assessment methodologies and templates.

• Optionally mentor junior analysts or contribute to internal training content for AG Graces CMMC practice.

Required:

• Active CMMC Certified Professional (CCP) credential from the Cyber AB.

• 5-7 years of experience in cybersecurity compliance or audit (DoD defense industrial base or regulated industry).

• Working knowledge of NIST SP 800-171 CMMC 2.0 Levels 1 2 and related DFARS clauses.

• Experience developing SSPs POA&Ms and evidence documentation.

• Understanding of core cybersecurity domains: access control incident response configuration management system hardening and vulnerability management.

• Excellent communication presentation and client-facing skills.

• U.S. Citizenship required (due to DoD client engagements).

Preferred:

• Active CISSP CISA CISM CAP or Security certification.

• Familiarity with NIST SPA and ISO 27001.

• Experience with C3PAO readiness activities or as part of an accredited assessment team.

• Prior experience with defense aerospace or manufacturing clients.

• Experience supporting MSP/MSSP or cloud (Microsoft GCC High AWS GovCloud etc.) environments.

• Analytical and detail-oriented with strong risk-based decision-making skills.

• Ability to translate technical controls into business language for executives.

• Confident facilitator and communicator across cross-functional teams.

• Proven ability to manage multiple clients and deadlines in a consulting environment.

• Strong writing and documentation skills.

• Competitive compensation and performance bonuses.

• Comprehensive benefits (medical dental vision 401(k)).

• Paid training exam reimbursement and certification support.

• Flexible hybrid or fully remote work model.

• Opportunity to advance to CMMC Certified Assessor (CCA) and leadership roles.

• A mission-driven environment protecting the U.S. defense supply chain.