[Remote] Compliance Consultant, CMMC
Note: The job is a remote job and is open to candidates in USA. C3 Integrated Solutions works with U.S. federal and defense contractors to implement security controls and develop mature cybersecurity and compliance practices. The Compliance Consultant will lead the development and management of a Governance, Risk, and Compliance (GRC) program, collaborating with client stakeholders and internal teams to ensure compliance with relevant regulations and standards.ResponsibilitiesDocument the flow of sensitive and controlled data types through existing business processesDetermine a system scope (technology, people, business processes) for complianceCollaborate with customers, technical, and functional teams to define, document, and deliver security documentation and artifactsAssess the current implementation of applicable technical and non-technical requirements (e.g., CMMC, DFARS, FAR, export controls)Develop and manage System Security Plan(s), policies, and proceduresManage customer expectations, internal and external resources, and relevant third parties to ensure engagements are successfulDevelop and maintain subject matter expertise in the laws, regulations, and government-wide policies that govern cybersecurity data protection for the U.S. Defense Industrial Base, including: DFARS (NIST SP 800-171, FedRAMP equivalency), CMMC (Levels 1 & 2, boundary scoping), CUI Program (NARA CUI Registry, CUI/CDI/CTI, FCI), Export controls (ITAR/EAR)Provide ongoing advisory to clients on issues related to security and complianceAssist team members with client needs as neededSkillsHands-on experience implementing NIST SP 800-171 or SP 800-53 is required3 or more years of experience implementing cybersecurity requirements for Department of Defense contractors (DFARS 252.204-7012, NIST SP 800-171) or federal information systems (RMF, NIST SP 800-53)Very strong written and verbal communication skills, with the ability to convey technical information as a subject matter expert (SME) for various compliance frameworksHigh emotional intelligence and interpersonal skills, with an enthusiasm for collaboration and coordination with various client company stakeholders from executive management to entry-level staffStrong organizational and time management skills with ability to correctly prioritize workload to maintain schedules, deadlines, and standards on assigned projectsAbility to remain calm under pressure and be adaptableAbility to cross-train into other specialtiesUnderstanding of the cybersecurity product/vendor landscape and current security best practicesSubject matter expertise in CMMC assessment and certification requirements (including assessment objectives up to Level 2) and DFARS 252.204-7012 requirements (including FedRAMP Moderate equivalency requirements for cloud service providers and paragraph (c) – (g) requirements)Awareness of U.S. export control requirements under ITAR and EAROccasional (US Citizens onlyProfessional certifications such as the Cyber AB's CCP or CCA, or other industry credentials such as CISSP, CISM, CISA, or similarExperience leveraging Microsoft cloud services (Azure, Office 365) to meet compliance requirements, especially in Azure Government and Microsoft 365 GCC High environmentsExperience consulting with multiple clients at the same timeBachelor's degree or higher in technology, engineering, or related fieldAbility to obtain U.S. government security clearanceVeteran preferredBenefitsRemote work opportunitiesMedical, Dental, Vision InsuranceFour Weeks of Paid Time Off (vacation & sick leave)Four weeks of Paid Maternity and Paternity leaveTwo days of Paid Volunteer Time401(k) with 4% Company MatchCompany Bonus StructureTuition ReimbursementEmployer-sponsored Disability & Life InsuranceProfessional DevelopmentCompany OverviewC3 Integrated Solutions is an IT firm that offers cyber-security, cloud deployment, IT infrastructure and digital transformation services. It was founded in 2008, and is headquartered in Arlington, Virginia, USA, with a workforce of 51-200 employees. Its website is https://www.c3isit.com/.