CMMC / NIST Consultant / Analyst

Hotman Group LLC

$80K — $110K *
Technical Services
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-5 years of experience in GRC or cybersecurity compliance
  • Hands-on experience with CMMC processes
  • Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP
  • Proficient in writing and documentation
  • Ability to work independently in a remote environment
  • Strong organizational and client-facing skills
  • Comfortable stepping into active projects with minimal guidance

Responsibilities

  • Support client engagements for CMMC readiness and documentation
  • Develop and maintain System Security Plans (SSPs)
  • Assist with documentation for NIST SP 800-171, NIST SP 800-53, and FedRAMP
  • Gather and review evidence for control implementation
  • Draft and refine compliance documentation and policies
  • Identify gaps and support remediation tracking
  • Collaborate with client stakeholders to ensure project progress

Benefits

  • Flexible contract role that can be part-time or full-time
  • Remote work environment
  • Opportunity to contribute to meaningful CMMC projects
  • Potential for involvement in diverse cybersecurity projects
  • Engagement with a collaborative team focused on quality work
Full Job Description
About the Role

We are looking for a mid-level CMMC and NIST practitioner who can step into active client delivery work, produce strong documentation, and help move projects forward without a lot of hand-holding.

This is a contract role that may be structured as part-time or full-time based on project needs and candidate availability.

What You Will Do

As a CMMC / NIST Consultant Analyst at Hotman Group you will contribute directly to active client engagements involving federal compliance frameworks. You will:
  • Support client engagements related to CMMC readiness, implementation, and documentation
  • Develop, update, and maintain System Security Plans
  • Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
  • Gather, organize, and review evidence supporting control implementation
  • Support CUI scoping discussions, boundary definition, and enclave design
  • Draft and refine control narratives, policies, procedures, and related compliance documentation
  • Identify gaps and support development of POA&Ms and remediation tracking
  • Work directly with client stakeholders to collect information, validate details, and keep deliverables moving
  • Contribute to readiness efforts tied to assessments, documentation, and ongoing compliance activities
  • Participate in peer review of deliverables before they go to clients - your work will be reviewed and you will review others

This is hands-on delivery work in a remote consulting environment. You will be expected to step into active projects and contribute from day one.

What You Bring
  • 3 to 5 years of relevant experience in GRC, cybersecurity compliance, or related consulting work
  • Hands-on experience with CMMC-related work -- this is required, not a nice to have
  • Direct experience developing or contributing to System Security Plans, evidence collection, remediation documentation, and compliance policies -- also required
  • Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP
  • Strong writing and documentation skills -- your deliverables are clear, accurate, and do not require heavy editing before they go to a client
  • The ability to work directly with client stakeholders, gather information, manage follow-through, and keep work moving
  • Strong organization and professionalism in a client-facing environment
  • Comfort stepping into projects that are already in motion and contributing independently with minimal ramp-up time
  • A default toward communication - you keep the team informed, you acknowledge quickly, and you do not go dark on a deliverable or a client

Experience supporting CMMC Level 2 efforts, CUI scoping, enclaves, or boundary discussions is a strong plus. Familiarity with POA&Ms, assessment readiness, and control crosswalks is also valued.

Active certifications such as CCP, CCA, CISSP, CISM, or CISA are preferred. If you do not currently hold a relevant certification, we expect you to be actively pursuing one.

This role requires direct accountability for work product and outcomes. If your CMMC or NIST experience has been primarily observational or in a support capacity without ownership of documentation or deliverables, this role will be a significant adjustment.

Requirements
  • Permanent authorization to work in the U.S. -- no sponsorship of any kind now or in the future
  • Able to pass a background check
  • Reliable high-speed internet and a secure, private remote workspace


Our Hiring Process

Our process is designed to be straightforward but rigorous. In addition to a written questionnaire and video responses, finalists will complete a practical skills assessment before advancing to a panel interview with our delivery team. The assessment reflects the type of work you will do on active client engagements. If you are confident in your CMMC and NIST expertise, this is your opportunity to show it.

No phone calls or emails please.

Similar Jobs

More Jobs at Hotman Group LLC

More Technical Services Jobs

Find similar CMMC / NIST Consultant / Analyst jobs: