[Hiring] CMMC Assessor @Ascera

Role Description

SP6 is seeking a compliance professional ready to take the next step in their career! In this role, you will play a key part in delivering CMMC C3PAO assessments for organizations pursuing certification, while also contributing to advisory services that support our clients' broader compliance objectives.

Joining our Compliance team, you will see your impact across the company as you take ownership over customer projects and advising our platform team on the different compliance rules.

• Customer Delivery: Majority of this time focused on delivering C3PAO assessments and a minority devoted to CMMC consulting as needed.
• Practice Development: Participating in the process of establishing SOPs and best practices for performing C3PAO Assessments and Mock Assessments. Assisting the existing CRC team with the development and refinement of our CRC (Cyber Risk & Compliance) practice delivery processes.

How You’ll Drive Success

• CMMC Assessments:
  • Conducting formal assessments of organizations’ cybersecurity practices against using the CMMC assessment process (CAP).
  • Collaborate with client organizations to plan assessments, develop assessment schedules, and ensure readiness.
  • Assess the effectiveness of security measures practices and ensure they align with the CMMC practices and processes for the assigned maturity level.
  • Interview key personnel within the organization to understand how cybersecurity practices are implemented and maintained.
  • Collect and evaluate sufficiency and adequacy of evidence, such as system logs, incident reports, and audit trails, to verify implementation.
  • Maintain an objective and unbiased stance during the assessment process, ensuring that conclusions are based on facts and evidence.
  • Ensure that all documentation is properly prepared for submission to the eMASS if the organization is seeking certification.
• C3PAO Assessment Practice Development:
  • Participating in the process of establishing SOPs and best practices for performing C3PAO CMMC Assessments and Mock Assessments.
  • All team members – from leadership to individual contributors – will also assist with the development of our CRC (Cyber Risk & Compliance) delivery processes and methodologies.
• Other Responsibilities:
  • Lead with a “customer first” attitude and be an exhibitor of SP6’s Core Values, as an example to other team members.

Qualifications

• CMMC Certified Assessor (CCA) or Certified Professional (CCP).
• CISSP, CISM, CISA, CRISC or other related certification.
• 2 minimum years of experience testing and documenting IT security controls including experience managing and facilitating external IT audits.
• 2 minimum years of experience leading external or internal audits, e.g., CMMC, FedRAMP, ISO 27001, PCI.
• 2 minimum years of experience building security programs in alignment with NIST, CSF, NIST 800-53 and/or NIST 800-171.
• 2 minimum years of experience with Cloud Security.
• Self-driven, with a strong desire to succeed.
• Ability to engage with customers/executives and foster positive relationships.
• Exceptional communicator and ability to relay complex technical concepts to non-technical audience.

Benefits

• The chance to be part of a winning team and a premier C3PAO.
• Competitive salary.
• Quarterly Bonus plan.
• Employer-paid health insurance.
• 401(k) with company match.
• 30 days annual paid time off.
• Significant Training and Development and Certification attainment.
• Opportunity for long term career advancement.
• Your contributions are felt and recognized at our growing company.