CMMC Consultant

FIT Solutions

$90K — $130K *
Aerospace & Defense
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in IT, cybersecurity, or risk management
  • 5+ years in strategic security guidance or program management
  • 1+ year in CMMC readiness assessments
  • Preferred Cyber AB Registered Practitioner certification
  • Strong knowledge of cybersecurity frameworks and regulations

Responsibilities

  • Lead mock assessments and readiness reviews for compliance preparation
  • Develop and maintain compliance documentation such as SSPs and POA&Ms
  • Achieve high Customer Satisfaction (CSAT) scores from clients
  • Build trusted advisor relationships with clients during compliance journeys
  • Conduct gap assessments against CMMC and NIST standards
  • Assist clients with Controlled Unclassified Information (CUI) management
  • Translate complex compliance requirements into actionable solutions

Benefits

  • Health, Dental & Vision Insurance with premiums paid up to 99% for employee coverage
  • Flexible 'hybrid' work environment
  • Paid holidays, time off, and sick leave
  • Employer-paid Life Insurance & AD&D
  • 401K retirement plan
  • Professional training and development opportunities
Full Job Description
CMMC Consultant

Reports to: vCISO

Status: Regular, Full-Time, Exempt

Location: Remote, Central Time Zone Required

POSITION SUMMARY: The focus of the CMMC Consultant is to build and maintain strategic relationships with client stakeholders while guiding defense contractors and regulated organizations through cybersecurity compliance and assessment readiness initiatives. This position is responsible for evaluating current security practices, identifying compliance gaps, and driving the implementation of cybersecurity and compliance strategies that align with client business objectives and regulatory requirements.

The CMMC Consultant is fully accountable for providing compliance expertise and strategic guidance by working collaboratively with the FIT team and clients to develop, implement, and mature cybersecurity programs that support Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, Secure Controls Framework (SCF), and other applicable regulatory frameworks. This role will facilitate compliance readiness efforts, assist with remediation planning, and help clients establish sustainable security practices that improve organizational resilience and assessment outcomes.

The CMMC Consultant will review security control implementation, documentation, resource utilization, and project progress to support clients efficiently while ensuring timelines, deliverables, and compliance objectives remain on track. This role requires strong consulting, communication, and organizational skills, with the ability to translate complex cybersecurity and compliance requirements into practical business solutions.

PRIMARY OBJECTIVES
  • Lead mock assessments, readiness reviews, and evidence validation activities to ensure organizations are prepared for formal compliance assessments, maintaining audit readiness scores of 80% or higher.
  • Develop, maintain, and support compliance documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), policies, procedures, and other required artifacts, ensuring milestones and deliverables are completed on time.
  • Drive a positive client experience by achieving and maintaining target Customer Satisfaction (CSAT) scores as measured through project survey feedback.


SECONDARY OBJECTIVES
  • Build and maintain trusted advisor relationships with clients throughout their compliance readiness journey.
  • Guide defense contractors and regulated organizations in achieving and maintaining CMMC compliance and assessment readiness.
  • Conduct cybersecurity and compliance gap assessments against CMMC, NIST SP 800-171, and related frameworks.
  • Assist clients in identifying, protecting, and managing Controlled Unclassified Information (CUI) within their environments.
  • Develop and support remediation strategies, corrective action plans, and compliance roadmaps to address identified gaps.
  • Collaborate with internal and client technical teams to validate security control implementation and ensure compliance requirements are effectively met.
  • Translate complex regulatory and cybersecurity requirements into practical, actionable business and technical guidance.


COMPETENCIES

Cybersecurity & Compliance Expertise
  • Demonstrates knowledge of CMMC, NIST SP 800-171, NIST Cybersecurity Framework (CSF), Secure Controls Framework (SCF), and related cybersecurity regulations. Applies compliance requirements effectively to support client assessment readiness and risk reduction.

Risk Assessment & Analytical Thinking
  • Evaluates cybersecurity controls, identifies compliance gaps, analyzes risks, and develops practical remediation strategies. Uses sound judgment to prioritize actions and recommend solutions aligned with business and regulatory requirements.

Client Relationship Management
  • Builds trusted advisor relationships with clients through professionalism, responsiveness, and credibility. Understands client objectives and delivers solutions that support both compliance and business outcomes.

Consulting & Advisory Skills
  • Provides strategic guidance and recommendations that translate complex cybersecurity and compliance requirements into actionable business and technical solutions. Influences decision-making through expertise and collaboration.

Technical Acumen
  • Maintains a working knowledge of security technologies, enterprise environments, cloud platforms, identity and access management, endpoint security, and security operations to effectively evaluate and validate control implementation.

Communication & Documentation
  • Communicates clearly with technical and non-technical stakeholders. Produces accurate, thorough, and professional documentation, including System Security Plans (SSPs), POA&Ms, policies, procedures, and assessment artifacts.

Project & Organizational Management
  • Effectively manages multiple client engagements, priorities, timelines, and deliverables. Demonstrates strong attention to detail while maintaining quality and meeting project objectives.

Continuous Learning & Adaptability
  • Maintains awareness of evolving CMMC requirements, NIST guidance, regulatory changes, and industry best practices. Applies new knowledge to improve client outcomes and enhance service delivery.


EDUCATION AND EXPERIENCE
  • Minimum 10 years of progressive experience in information technology, cybersecurity, risk management, or information security leadership.
  • At least 5 years of experience providing strategic security guidance, security program management, compliance oversight, or executive-level cybersecurity leadership.
  • At least 1 year of experience conducting CMMC readiness assessments, gap analyses, or compliance consulting aligned with DFARS [redacted]/7021 and NIST SP 800-171 requirements.
  • Current Cyber AB Registered Practitioner (RP) certification preferred; equivalent cybersecurity compliance certifications considered.
  • Experience managing and advising organizations with complex IT environments, including cloud platforms, hybrid infrastructure, outsourced service providers, and integrated business systems.
  • Strong knowledge of cybersecurity frameworks and regulatory requirements, such as NIST CSF, CIS Controls, ISO 27001, HIPAA, HITRUST, SOC 2, PCI-DSS, and other applicable standards.
  • Healthcare industry experience and knowledge of healthcare regulations, including HIPAA and HITECH, preferred.
  • Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, Business Administration, or a related field preferred; Master's degree in Cybersecurity, Information Systems, Business Administration (MBA), or a related discipline strongly preferred.
  • Relevant industry certifications such as CISSP, CISM, CRISC, CGEIT, HCISPP, or equivalent strongly preferred.
  • Demonstrated experience communicating cybersecurity risks, strategies, and recommendations to executive leadership, boards of directors, and key stakeholders.


BENEFITS

FIT Solutions has your back and is proud to offer a rich benefit package to our employees, including:
  • Health, Dental & Vision Insurance (premiums paid up to 99% for employee coverage)
  • Options include PPO, HDHP, HMO, and ACO plans
  • Multiple carrier options
  • FSA (dependent and medical), HSA options (for qualified plans) and supplemental insurance options
  • $10,000 employer-paid Life Insurance & AD&D (employees have the option to buy up)
  • Paid holidays
  • Paid time off
  • Paid sick leave
  • Flexible "hybrid" work environment
  • Retirement plan (401K)
  • Professional training & development opportunities


PHYSICAL REQUIREMENTS
  • Ability to remain in a stationary position and/or move throughout the workday, including standing, walking, sitting, speaking, and driving for extended periods as needed.
  • Ability to occasionally lift and/or move up to 20 pounds.
  • Travel requirements: Up to 20% of the time.

