CMMC Certified Assesor (CCA)
Insight Assurance · Tampa, FL · 3 mo ago
RemoteRemoteManagementFull-time
About the role
We are seeking a highly qualified CMMC Certified Assessor (CCA) to lead and execute cybersecurity compliance assessments for defense contractors and suppliers handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
Responsibilities
- Lead and/or participate as a CMMC Certified Assessor (CCA) in official CMMC assessments and readiness reviews for Level 1 and Level 2 certifications under CMMC 2.0.
- Perform gap analyses comparing client environments against CMMC, NIST SP 800-171/172, and other relevant frameworks.
- Review, validate, and document compliance artifacts including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), security policies, and technical evidence.
- Conduct stakeholder interviews, review control implementations, and determine compliance status for required practices and processes.
- Provide detailed assessment reports, identifying findings, risks, and actionable recommendations for remediation.
- Collaborate with client teams (IT, InfoSec, Risk, Audit) to build and execute remediation plans that support certification readiness.
- Stay current with evolving DoD cybersecurity requirements, CMMC 2.0 program updates, and related standards (e.g., NIST CSF, ISO 27001).
- Communicate assessment results effectively to technical and executive audiences, including C-suite and compliance leadership.
- Mentor junior team members and contribute to continuous improvement of the company’s CMMC assessment methodology and templates.
Requirements
- Active CMMC Certified Assessor (CCA) credential issued by The Cyber AB (Cyber Accreditation Body).
- U.S. Citizenship (required for DoD-related engagements).
- 5+ years of professional experience in cybersecurity, compliance, or audit within regulated or defense-related environments.
- In-depth understanding of CMMC 2.0, NIST SP 800-171/172, and DFARS 252.204-7012/7019/7020 requirements.
- Proven experience conducting technical security assessments, gap analyses, and compliance reviews.
- Strong analytical, organizational, and written communication skills.
- Ability to manage multiple concurrent assessments and client engagements independently.
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related discipline (or equivalent work experience).
- Additional certifications such as CISSP, CISM, CISA, CAP, or Security+ preferred.
- Experience working for or with a Certified Third-Party Assessment Organization (C3PAO) preferred.
- Familiarity with government cloud environments (e.g., Microsoft GCC High, AWS GovCloud) preferred.
- Active or previously held DoD security clearance (Tier 3 or above) preferred.
Skills
- Deep knowledge of CMMC 2.0, NIST SP 800-171/172, and DFARS 252.204-7012/7019/7020 requirements.
- Proven experience conducting technical security assessments, gap analyses, and compliance reviews.
- Strong analytical, organizational, and written communication skills.
- Ability to manage multiple concurrent assessments and client engagements independently.
Benefits
- Flexible Paid Time Off and paid Holidays
- Performance Bonuses
- 100% Remote
- Competitive salary and benefits package
- Opportunities for professional growth and development
- Collaborative and innovative work environment