[Remote] CMMC Senior Consultant
Note: This is a remote position open to candidates in the USA. FRSecure is dedicated to fixing the broken information security industry and is seeking a CMMC Senior Consultant to serve as a trusted advisor and subject matter expert. This role involves helping organizations strengthen their cybersecurity programs and achieve Cybersecurity Maturity Model Certification (CMMC) readiness by leading assessments, mentoring consultants, and collaborating with clients on security improvements.
Responsibilities
- Performing duties such as team consultation, guidance, training, and support to the Consulting Services team
- Being a subject matter expert on CMMC services, answering questions, and helping create solutions or troubleshoot problems
- Developing, documenting and maintaining CMMC methodologies
- Leading multiple concurrent CMMC engagements, coordinating internal consultants and subject matter experts, reviewing assessment workpapers, ensuring consistent assessment methodology, maintaining project timelines, managing client expectations, and escalating project risks when appropriate
- Lead CMMC readiness assessments using all applicable CMMC practices and assessment objectives, documenting identified compliance gaps, control weaknesses, and implementation deficiencies
- Produce detailed assessment reports with prioritized remediation recommendations, validate objective evidence, and make final determination on objective evidence sufficiency
- Lead clients through defining the official CMMC assessment scope, including identification of CUI assets, Security Protection Assets (SPA), Specialized Assets, Contractor Risk Managed Assets (CRMA), and Out-of-Scope Assets
- Partner with client stakeholders to remediate deficiencies by developing remediation roadmaps, prioritizing findings by risk and certification impact, recommending technical solutions, assisting with policy development, reviewing System Security Plans (SSP), reviewing Plans of Action & Milestones (POA&M), validating corrective actions, performing remediation verification assessments, and preparing clients for formal certification assessments
- Collaborate with the marketing team to develop, document, and maintain CMMC sales and marketing materials
- Develop and execute a training plan for employees on CMMC services
- Participate in research and development and share insights with the team
- Participate in and lead regular group meetings to provide support and training to team members
- Take individual accountability for client and project success and support team members to assure the same
- Work with clients at all levels of the organization, including C-suite, to identify and prioritize security gaps
- Serve as primary technical advisor throughout client engagements, lead kickoff meetings and project workshops, present findings to executive leadership, translate technical issues into business risk, provide practical, risk-based recommendations, mentor client technical staff through remediation activities, and maintain positive client relationships throughout engagements
- Develop roadmap security efforts and remediation plans
- Coach clients in the development of information security policies, procedures, disaster recovery plans, incident response plans, and other projects as needed
- Educate clients on sound information security concepts and principles and advise on the implementation of suitable information security controls
- Provide insight to clients related to relevant regulatory and best-practice information security standards through gap assessments and readiness coaching
- Conduct organization-wide security assessments for client organizations. Conduct client interviews, review policy and procedures, and observe controls within client facilities
- Document assessment findings and present assessment results to client leadership
- Maintain and develop own technical and security knowledge on a consistent basis
- Take individual accountability for client and project success
Skills
- 5-10 years of experience in Information Security or a related field, consisting of work and educational experience, demonstrating expertise in communicating information security risk management practices
- Previous experience operating as a vCISO, Security Consultant, or providing enterprise leadership related to Information Security
- CCA certification required
- Must be current with the CAICO
- Have or be able to obtain a Tier 3 determination from DoD or equivalent background check
- CISSP certification required
- A strong desire to develop and improve existing FRSecure services, strong verbal and written communication skills, and an active commitment to supporting and building the knowledge of other team members
- A strong understanding of internal workflows and interdepartmental procedures to lead cross-functional initiatives
- Self-motivated and proactively seeks out learning opportunities and asks questions
- In-depth understanding of information security foundations including asset management, data security, network management, physical security, and security governance
- Expert knowledge in vCISO services and demonstrated expertise in their effective execution with clients
- Ability to lead by example through initiative, clear communication, and collaboration
- Proficient in delivering exceptional customer experiences through empathy, active listening, and clear communication
- Able to communicate effectively across teams and stakeholders to drive alignment and results
- Demonstrated excellence in planning, prioritization, and execution of complex tasks and projects
- Lead CCA preferred
Benefits
- Flexible Work Environment: We empower employees with flexible schedules and remote or hybrid work options.
- Mental Health & Wellbeing Support: Access to an Employee Assistance Program (EAP) and a culture that actively promotes mental wellbeing, open communication, and sustainable work practices.
- Growth & Development: Ongoing learning opportunities and support for professional development to help you grow in your career.
- Comprehensive Benefits Package: Including medical, dental and vision insurance, health savings, flexible savings and dependent care savings account options, life and disability insurance, 401(k) with employer match up to 4%, and pet insurance.
- Generous Time Off: Unlimited paid time off offered to rest and recharge, paid parental leave (6 weeks of 100% regular, straight time weekly pay for non-birthing parents, and 12 weeks of 100% regular, straight time weekly pay for birthing parents), 11 paid holidays, and volunteer time off.
Company Overview