Cmmc Jobs (NOW HIRING)

Ariento is seeking a Senior Consultant to join our Advisory and Consulting Team and act as a Cybersecurity Maturity Model Certification (CMMC) Subject Matter Expert (SME). This role will:

• Perform consulting/readiness and compliance services for organizations seeking compliance with CMMC, DFARS 252.204-7012, NIST SP 00-171, and FedRAMP
• Conduct readiness/consulting services directly with our clients to assess their cybersecurity posture and improve the effectiveness of their security controls in preparation for a third-party audit
• Conduct reviews of security artifacts and aid completing required documentation to include: SSPs, POA&Ms, Policies, Procedures, Plans, dataflow diagrams, network diagrams, and other documents
• Assume responsibility for the successful execution and delivery of compliance assessments to include CMMC, FedRAMP, and NIST as part of Ariento’s C3PAO team
• Help grow Ariento’s CMMC practice by contributing to the development of our capabilities, methodology and foster a continuous improvement environment
• Work with practice leadership to build client relationships and identify sales opportunities.

Role Responsibilities:

You should also be able to deliver on the following expertly and consistently:

• Perform CMMC Readiness consulting engagements to assess client’s security controls against CMMC requirements and produce detailed gap analysis reports
• Verify and document the implementation of security controls necessary to achieve compliance
• Lead remediation engagements to help clients meet security controls and prepare them for a third-party assessment.
• Participate as part of the Assessment Team during CMMC Level 2 assessments and support the Lead Assessor across all phases of the assessment: Plan & Prepare the Assessment, Conduct the Assessment, Report Assessment Results, Close out POA&Ms and Assessment
• Review documentation, validate evidence, and identify security and compliance gaps
• Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and as well as necessary artifacts
• Develop various policy documents (SOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recovery, and Security Assessments
• Support the development of assessment reports, including findings, recommendations, and action plans
• Work closely with clients to address security and compliance concerns, provide guidance, and ensure regulatory requirements are met against industry frameworks.
• Participate in client meetings, take effective notes, and ask relevant questions to gather information
• Contribute to the continuous improvement of the organization's cyber security and compliance practices, methodologies, and tools
• Maintain up-to-date knowledge of regulatory changes, emerging threats, and industry trends
• Ensure that all deliverables are of the highest quality and that tasks are executed in accordance project timelines and budgets
• Support business development and RFP activities

Required Skills and Qualifications

• 5+ years of experience with conducting security control assessments against industry frameworks, including CMMC, NIST RMF, NIST SP 800-171, NIST 800-53, etc.
• A US citizen who can pass a suitability determination process from the DoD
• A deep knowledge of CMMC 2.0
• Candidate must possess or be able to obtain at least one or more of the following: CMMC Certified Assessor (CCA) (Preferred) OR CMMC Certified Professional (CCP) (Minimum)
• Bachelor’s degree in business administration, computer science, IT, cybersecurity, or related field/experience.
• Team player able to work well with others in a collaborative manner and is a self-starter who can work with minimum supervision
• Work to continually build and improve solid and well-rounded practices and processes
• Excellent communication skills, both written and verbal with strong presentation skills
• Ability to interact with clients and represent the company in a professional manner
• Ability to successfully manage multiple tasks with competing priorities
• Strong customer service and consulting experience
• Experience with preparing and delivering executive level reporting
• 5+ years in a consulting role specifically client facing
• Experience with Windows and Linux system administration
• Ability to travel as required.

Preferred Qualifications

• CISSP, CISM, CISA, CCA, CCP or related certification preferred