Certified CMMC Assessor

About the Role

The role of a CMMC Assessor is critical in ensuring the security and compliance of sensitive information. With the increasing demand for cybersecurity professionals, this role offers a unique opportunity to work with a variety of clients and contribute to the development of OCT's C3PAO practice.

OCT Consulting is a small business with a strong track record of delivering professional services and information technology solutions to federal government clients. As a member of the team, you will have the opportunity to work on exciting projects, collaborate with experienced professionals, and contribute to the company's growth and success.

What You Will Do

• Conduct CMMC Level 2 certification assessment activities under the direction of the Lead Certified CMMC Assessor
• Examine documentation and artifacts to ensure compliance with NIST SP 800-171 Rev 2 requirements
• Interview personnel to gather information and test security controls
• Document findings and recommend MET/NOT MET/NOT APPLICABLE determinations for assigned requirements
• Support the development of the assessment plan, scope validation, and pre-assessment readiness reviews
• Contribute to the assessment report and support POA&M closeout activities
• Maintain assessment evidence and working papers in accordance with C3PAO procedures and ISO/IEC 17020:2012
• Adhere to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements
• Collaborate with the assessment team to ensure timely completion of assessment activities
• Provide input to the Lead Assessor on the assessment plan and scope

What We Are Looking For

• Active Certified CMMC Assessor (CCA) certification in good standing
• Bachelor's degree in cybersecurity, information technology, information systems, or a related field
• Typically 4+ years of cybersecurity or information assurance experience, including exposure to NIST SP 800-171/CMMC
• Working knowledge of NIST SP 800-171 Rev 2, NIST SP 800-171A, 32 CFR Part 170, and DFARS 252.204-7012
• Strong documentation, analytical, and communication skills
• Ability to obtain and maintain a favorable Tier 3 background investigation
• U.S. citizenship is mandatory for this role
• Additional certifications such as CompTIA Security+, CISSP, CISA, or CCP are preferred

Nice to Have

• Experience working with federal government clients
• Knowledge of C3PAO procedures and ISO/IEC 17020:2012
• Familiarity with assessment planning, scope validation, and pre-assessment readiness reviews
• Experience with POA&M closeout activities

Benefits and Perks

• Competitive hourly rate commensurate with experience
• Opportunity to work on exciting projects with a variety of clients
• Collaborative and dynamic work environment
• Professional development and growth opportunities
• Remote work options with occasional travel to client sites
• Access to cutting-edge technology and tools
• Comprehensive benefits package, including health insurance and PTO

• Ensure you have the required certifications, such as CMMC Assessor certification, before applying.
• Develop a strong understanding of NIST SP 800-171 Rev 2 and CMMC requirements to stand out in the application process.
• Tailor your resume and cover letter to highlight relevant experience and skills in cybersecurity and assessment.
• Prepare to discuss your experience with assessment planning, scope validation, and pre-assessment readiness reviews during the interview.
• Research the company culture and values to demonstrate your fit with the organization.
• Be prepared to provide examples of your analytical and communication skills, as well as your ability to work independently and as part of a team.