Schellman & Co

Senior Associate, CMMC

Schellman & Co$90K — $120K *
US-AnywhereRemote in United States
Technical Services
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in relevant field or equivalent experience
  • 1+ years in a similar role, preferably at Schellman
  • Certifications: CCP, CCA, and Tier 3 DoD determination ideal
  • Experience in compliance assessments, especially CMMC and NIST SP 800-171
  • Strong understanding of security and audit processes

Responsibilities

  • Execute cybersecurity assessments for CMMC and NIST compliance
  • Conduct interviews with client Subject Matter Experts
  • Perform evaluations of client system security configurations
  • Analyze compliance-related documentation and evidence
  • Document findings and deliver comprehensive reports
  • Support cross-training in FedRAMP and NIST 800-53 assessments
  • Participate in client education efforts related to compliance

Benefits

  • Opportunities for further education and industry certification
  • Travel requirement (minimum 25%) for onsite assessments
  • Access to a collaborative team environment
  • Participation in practice development and thought leadership initiatives
  • Comprehensive professional development and training opportunities
Full Job Description
JOB SUMMARY

Senior associates are primarily responsible for hands-on project execution. Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associate's career development. Additionally, senior associate's daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team.

As a CMMC Senior Associate at Schellman, you will play a critical role in delivering high-quality cybersecurity assessments for clients seeking compliance and assessment primarily for CMMC and NIST SP 800-171/2. You will be responsible for executing gap assessments, compliance assessments, and formal certification assessments across a diverse range of environments, including defense contractors, manufacturers, professional services firms, technology providers, and managed service providers. You will also be cross-trained to support FedRAMP and other engagements based on NIST 800-53, contributing to Schellman's broader Federal Practice.

CMMC Senior Associates perform a variety of responsibilities from start to finish during a project, including:

  • Interviewing client Subject Matter Experts for different fields of the organization, including technical areas as well as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance;


  • Performing walkthroughs of client on-premise, cloud, and hybrid architectures


  • Reviewing system security and technical configurations as they pertain to NIST 800-171 control requirements and CMMC scoping considerations;


  • Analyzing technical documentation such as system security plans (SSPs), policies, procedures, and evidence artifacts;


  • Documenting assessment findings, developing scoring rationales, and drafting formal deliverables; and


  • Maintaining awareness of evolving DoD and CMMC program requirements, including updates to the CAP, scoping guides, and assessment guides to support Schellman methodology updates and client education.


  • Working in Schellman's Federal Practice will lead to the natural honing of your technical skills in a variety of fields including cryptography, network structures, system security tools, and CI/CD. You'll also improve your understanding of organizational controls such as security training programs, configuration management/ system development, and incident response processes. But more than that, a career at Schellman will also support outside opportunities for further education through additional training and the pursuit of industry-accepted certifications such as CISA, CISSP, and others.


CMMC assessors should expect to travel a minimum of 25% for onsite assessment activities.

Essential Functions:

  • Complying with Schellman's code of ethics and professional conduct, methodologies, policies, and procedures


  • Adhering to the professional and regulatory standards relevant to assigned service line specialization(s)


  • Promoting Schellman's company culture and exemplifying Schellman's values


  • Establishing high quality relationships and rapport with client personnel


  • Managing client expectations to ensure expectations are exceeded


  • Completing assigned duties in a timely manner and with a high attention to detail


  • Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project


  • Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks


  • Escalating issues internally in a proper and timely manner


  • Using discretion and decorum in the timing, form, and content of all client communications


  • Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures


  • Performing the essential functions of other service delivery positions when qualified and called upon to do so


  • Attending project kick-off and closing meetings


  • Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards and CMMC requirements and guidance (e.g., CAP, 32 CFR Part 170), and suggesting ideas for improvements, where applicable


  • Drafting project deliverables


  • Serving as a contact for clients' basic questions regarding an engagement


  • Participating in recruiting and candidate interview activities


  • Training project team members


  • Acclimating newer team members to Schellman


  • Contributing to Schellman's practice development efforts


  • Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)


  • Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)


  • Collaborate with internal teams to ensure consistent application of methodologies and quality standards.


  • Support client education and advisory efforts related to CMMC and NIST SP 800-171 compliance.


  • Participate in FedRAMP readiness and assessment engagements as part of cross-training and service line expansion.


  • Contribute to Schellman's thought leadership through webinars, articles, and public speaking.


Knowledge, Skills, and Abilities:

  • Working knowledge of Schellman's services, methodology, and relevant professional standards


  • Requisite knowledge of applicable technology and security domains


  • High level of attention to detail and quality of work product


  • Client service oriented


  • Excellent time management, organizational, and verbal and written communication skills


  • Ability to work on-site or remotely as a valuable contributor to a collaborative team


  • Capable of simultaneously managing assigned tasks for multiple projects


  • Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman's service delivery applications


  • Full understanding and application of ethics, independence and Schellman's values


Education, Work Experience and Certifications

  • Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified


  • Has completed at least one year of service at Schellman or relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting


  • Must have CCP and a favorable Tier 3 determination from DoD


  • Ideal candidate has all 3 of the following certifications: CCP, CCA, and a favorable Tier 3 determination from DoD


About Schellman & Co

Schellman & Company is a global provider of assurance and compliance services. They specialize in IT security and privacy, regulatory compliance, and attestation reporting. The firm was founded in 2002 and has offices in the United States, Europe, and Asia. Schellman & Company has been recognized as a Best Place to Work by the Tampa Bay Business Journal and the Atlanta Business Chronicle.
Learn more about Schellman & Co
Size
500 employees
Industry
Net Income
$5 million
Founded
2002
5 Year Trend
+10%
Revenue
$50 million

Similar Jobs

More Jobs at Schellman & Co

More Technical Services Jobs

Find similar Senior Associate, CMMC jobs: