CMMC Consultant

Careers at A-LIGN | Compliance Cybersecurity Careers About the Role

CMMC Consultants are leaders in NIST cybersecurity framework who perform assessments for cloud computing technologies in meeting US federal compliance. In this role you will become familiar with the DOD Cybersecurity Maturity Model Certification (CMMC), and become trained and certified by A-LIGN to perform CMMC assessments as a CMMC Certified Professional

Success in this position, requires a strong understanding of IT security-related system controls and of the various testing methods used to ascertain control effectiveness. You will work in a team atmosphere with an experienced Manager, and you ll be assigned technical engagements to support and ensure client-ready deliverables are provided.

• Perform audit testing in accordance with NIST SP 800-171, CMMC Level 1 and Level 2 Assessment Guide, and other authoritative IT security guidance
• Validate information system security plans to ensure NIST control requirements are met
• Assist in development of Security Authorization Packages and ensure completeness and compliance with CMMC requirements and other authoritative IT security guidance
• Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work
• Prepare agendas (e.g. planning, fieldwork, closing, etc.) and request lists
• Lead client meetings and maintain client relationships
• Monitor evidence collection process
• Review evidence and provide feedback to clients
• Address and respond to client questions
• Document evidence in supporting audit leadsheets and workbooks
• Communicate engagement status to management, including escalating any potential issues

• 2-3 years of experience in information security or compliance, preferably with the Big 4 or a mid-tier consulting firm
• Familiarity with any of the following Security Frameworks (NIST, ISO, COBIT, HIPAA/HITECH, etc.) required
• Experience with US government compliance, including FISMA, FedRAMP, RMF, and CSF preferred

• Ability to meet deadlines with a high degree of motivation working in a fast-paced environment
• Ability to lead multiple assessment engagements
• Excellent communication skills to include the ability to explain technical matters to a non-technical audience
• Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.