Certified CMMC Assessor (CCA)

Job Title: Certified CMMC Assessor (CCA)

Reports To: Lead Assessor / Director of Compliance

Location: Hybrid

Position Type: Full-Time Non-Exempt

Security Clearance: Active Tier 3 Investigation Required

Position Summary: We are seeking a meticulous and experienced Certified CMMC Assessor (CCA) to join our growing cybersecurity compliance team. The CCA will be responsible for leading and conducting formal CMMC assessments for Department of Defense (DoD) contractors within the Defense Industrial Base (DIB). This role involves in-depth analysis of client environments against CMMC controls evidence collection formal reporting and providing expert guidance to ensure the security and integrity of Controlled Unclassified Information (CUI).

Key Responsibilities:

• Lead and participate in CMMC Level 1 2 and/or 3 assessments as a key member of an assessment team.
• Develop detailed assessment plans based on the CMMC Assessment Process (CAP).
• Conduct thorough evaluations of policies procedures and technical configurations against CMMC practices and processes.
• Collect examine and analyze objective evidence to support assessment findings.
• Author comprehensive and defensible assessment reports detailing findings and results.
• Interface directly with clients providing clear communication and managing expectations throughout the assessment lifecycle.
• Maintain up-to-date knowledge of the CMMC framework NIST SP 800-171 NIST SP 800-53 and evolving DoD cybersecurity requirements.
• Contribute to the continuous improvement of our internal assessment methodologies and toolsets.

Qualifications:

• Certification: Must hold an active Certified CMMC Assessor (CCA) certification from the Cyber-AB.
• Clearance: Must possess and maintain an active Tier 3 (or higher) U.S. Government security clearance.
• Experience:
  • Minimum of 5 years of experience in cybersecurity IT audit or information assurance.
  • Minimum of 2 years of direct experience assessing against NIST SP 800-171.
  • Demonstrated experience leading or conducting formal security assessments.
• Skills:
  • Expert-level understanding of the CMMC framework domains practices and assessment objectives.
  • Strong knowledge of federal cybersecurity regulations (e.g. DFARS 252.204-7012).
  • Excellent written and verbal communication skills with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
  • High degree of integrity professionalism and impartiality.