The Dedicated Assessment Consultant plays a lead role representing clients in C3’s Cybersecurity Maturity Model Certification (CMMC) Assessment program. This role works collaboratively with client stakeholders including business leaders and internal IT, as well as C3’s professional services and managed services teams and third-party service providers. The primary purpose of this role is to project manage client assessments and to represent and defend C3’s reference architecture and compliance implementation on behalf of the client during Certified Third-Party Assessment Organization (C3PAO) Pre-Assessments and Assessments.
What You'll Do
Review and prepare client documentation to ensure successful pre-assessments and assessments.
Conduct gap analyses to identify areas of non-compliance and develop remediation plans
Project manage client assessments by contacting, organizing, and facilitating stakeholders and interested parties before, during, and after assessments.
Validate system scope (technology, people, business processes) for compliance
Perform QA/QC and validate artifacts and evidence and ensure client success prior to assessment
Manage, validate, and defend System Security Plan(s), policies, and procedures in CMMC assessments
Manage customer expectations, internal and external resources, and relevant third parties to ensure engagements are successful
Facilitate post-assessment debriefings with clients to review findings and next steps
Provide ongoing advisory to clients on issues related to security and compliance
Provide expert guidance on interpreting compliance requirements and translating them into actionable steps for clients
Develop and maintain subject matter expertise in the laws, regulations, and government-wide policies that govern cybersecurity data protection for the U.S. Defense Industrial Base, including:
DFARS (NIST SP 800-171, FedRAMP equivalency)
CMMC (Levels 1 & 2, boundary scoping)
CUI Program (NARA CUI Registry, CUI/CDI/CTI, FCI)
Export controls (ITAR/EAR)
Assist team members with client needs as needed
Analyze assessment results and provide strategic recommendations for improving C3’s services
Contribute to the development of internal best practices and methodologies for conducting assessments
Mentor junior team members on assessment techniques and client management strategies
What You'll Bring
Subject matter expertise in CMMC assessment and certification requirements (including assessment objectives up to Level 2) and DFARS 252.204-7012 requirements (including FedRAMP Moderate equivalency requirements for cloud service providers and paragraph (c) – (g) requirements)
Cyber AB’s CCP is required; CCA is preferred
Technical understanding and experience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environments
Microsoft AZ-500 certification, highly preferred
7 or more years of experience implementing cybersecurity requirements for Department of Defense contractors (DFARS 252.204-7012, NIST SP 800-171) or federal information systems (RMF, NIST SP 800-53)
Very strong written and verbal communication skills, with the ability to convey technical information as a subject matter expert (SME) for various compliance frameworks
High emotional intelligence and interpersonal skills, with an enthusiasm for collaboration and coordination with various client company stakeholders from executive management to entry-level staff
Strong organizational and time management skills with ability to correctly prioritize workload to maintain schedules, deadlines, and standards on assigned projects
Ability to remain calm under pressure and be adaptable
Ability to cross-train into other specialties
Awareness of the cybersecurity product/vendor landscape and current security best practices
Awareness of U.S. export control requirements under ITAR and EAR
Experience consulting with multiple clients at the same time
Bachelor’s degree or higher in technology, engineering, or related field
Ability to obtain U.S. government security clearance
What You'll Get
To be a part of one of the fastest-growing companies in America, and a talented team to back you up.
An awesome culture, backed up by winning several Best Places to Work awards.
Remote work opportunities
Medical, Dental, Vision Insurance
Four Weeks of Paid Time Off (vacation & sick leave)
Four weeks of Paid Maternity and Paternity leave
Two days of Paid Volunteer Time
401(k) with 4% Company Match
Company Bonus Structure
Tuition Reimbursement
Employer-sponsored Disability & Life Insurance
Professional Development
This a remote position with minimal travel.
C3's Core Values:
Team Human: Respecting all humans is a critical part of who we are at C3. We practice integrity in all interactions, we empathize with others, we create a supportive work environment, and we support the communities in which we live and operate.
Security First: At the cornerstone of our business, we prioritize security above convenience, cost or efficiency. A “security-first” approach means we practice what we preach and we lead by example for our clients.
Be an Advocate: We are passionate in our advocacy for our customer’s success and a path to the best solution for their business. We embrace feedback, put ourselves in your shoes and advocate for your interests as our own.
Embrace Change: It's a practical necessity in an industry that never stands still. As a new entity born from the merger of two top-ranked CMMC-focused IT services companies, we're keenly aware that our success hinges on our ability to adapt - whether that means integrating new platforms, refining processes, or keeping pace with changing guidelines.
Resilience: Our ability to withstand adversity and accomplish objectives while maintaining professionalism and discipline is critical to successful crisis management and risk avoidance.
C3 Integrated Solutions is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status, or any other characteristic protected by law.
This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced to communicate the way this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, C3 Integrated Solutions will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.