CMMC Consultant

CMMC Consultant Report to: vCISO Status: Regular, Full‑Time, Exempt Location: Remote, Central Time Zone Required Position Summary The focus of the CMMC Consultant is to build and maintain strategic relationships with client stakeholders while guiding defense contractors and regulated organizations through cybersecurity compliance and assessment readiness initiatives. This position is responsible for evaluating current security practices, identifying compliance gaps, and driving the implementation of cybersecurity and compliance strategies that align with client business objectives and regulatory requirements. The CMMC Consultant is fully accountable for providing compliance expertise and strategic guidance by working collaboratively with the FIT team and clients to develop, implement, and mature cybersecurity programs that support Cybersecurity Maturity Model Certification (CMMC), NIST SP 800‑171, Secure Controls Framework (SCF), and other applicable regulatory frameworks. This role will facilitate compliance readiness efforts, assist with remediation planning, and help clients establish sustainable security practices that improve organizational resilience and assessment outcomes. The CMMC Consultant will review security control implementation, documentation, resource utilization, and project progress to support clients efficiently while ensuring timelines, deliverables, and compliance objectives remain on track. This role requires strong consulting, communication, and organizational skills, with the ability to translate complex cybersecurity and compliance requirements into practical business solutions. Primary Objectives Lead mock assessments, readiness reviews, and evidence validation activities to ensure organizations are prepared for formal compliance assessments, maintaining audit readiness scores of 80% or higher. Develop, maintain, and support compliance documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), policies, procedures, and other required artifacts, ensuring milestones and deliverables are completed on time. Drive a positive client experience by achieving and maintaining target Customer Satisfaction (CSAT) scores as measured through project survey feedback. Secondary Objectives Build and maintain trusted advisor relationships with clients throughout their compliance readiness journey. Guide defense contractors and regulated organizations in achieving and maintaining CMMC compliance and assessment readiness. Conduct cybersecurity and compliance gap assessments against CMMC, NIST SP 800‑171, and related frameworks. Assist clients in identifying, protecting, and managing Controlled Unclassified Information (CUI) within their environments. Develop and support remediation strategies, corrective action plans, and compliance roadmaps to address identified gaps. Collaborate with internal and client technical teams to validate security control implementation and ensure compliance requirements are effectively met. Translate complex regulatory and cybersecurity requirements into practical, actionable business and technical guidance. Competencies Cybersecurity & Compliance Expertise – Demonstrates knowledge of CMMC, NIST SP 800‑171, NIST Cybersecurity Framework (CSF), Secure Controls Framework (SCF), and related regulations. Applies compliance requirements effectively to support client assessment readiness and risk reduction. Risk Assessment & Analytical Thinking – Evaluates cybersecurity controls, identifies compliance gaps, analyzes risks, and develops practical remediation strategies. Uses sound judgment to prioritize actions and recommend solutions aligned with business and regulatory requirements. Client Relationship Management – Builds trusted advisor relationships with clients through professionalism, responsiveness, and credibility. Understands client objectives and delivers solutions that support both compliance and business outcomes. Consulting & Advisory Skills – Provides strategic guidance and recommendations that translate complex cybersecurity and compliance requirements into actionable business and technical solutions. Influences decision‑making through expertise and collaboration. Technical Acumen – Maintains a working knowledge of security technologies, enterprise environments, cloud platforms, identity and access management, endpoint security, and security operations to effectively evaluate and validate control implementation. Communication & Documentation – Communicates clearly with technical and non‑technical stakeholders. Produces accurate, thorough, and professional documentation, including System Security Plans (SSPs), POA&Ms, policies, procedures, and assessment artifacts. Project & Organizational Management – Effectively manages multiple client engagements, priorities, timelines, and deliverables. Demonstrates strong attention to detail while maintaining quality and meeting project objectives. Continuous Learning & Adaptability – Maintains awareness of evolving CMMC requirements, NIST guidance, regulatory changes, and industry best practices. Applies new knowledge to improve client outcomes and enhance service delivery. Education & Experience Minimum 10 years of progressive experience in information technology, cybersecurity, risk management, or information security leadership. At least 5 years of experience providing strategic security guidance, security program management, compliance oversight, or executive‑level cybersecurity leadership. At least 1 year of experience conducting CMMC readiness assessments, gap analyses, or compliance consulting aligned with DFARS 252.204‑7012/7021 and NIST SP 800‑171 requirements. Current Cyber AB Registered Practitioner (RP) certification preferred; equivalent cybersecurity compliance certifications considered. Experience managing and advising organizations with complex IT environments, including cloud platforms, hybrid infrastructure, outsourced service providers, and integrated business systems. Strong knowledge of cybersecurity frameworks and regulatory requirements, such as NIST CSF, CIS Controls, ISO 27001, HIPAA, HITRUST, SOC 2, PCI‑DSS, and other applicable standards. Healthcare industry experience and knowledge of healthcare regulations, including HIPAA and HITECH, preferred. Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, Business Administration, or a related field preferred; Master’s degree in Cybersecurity, Information Systems, Business Administration (MBA), or a related discipline strongly preferred. Relevant industry certifications such as CISSP, CISM, CRISC, CGEIT, HCISPP, or equivalent strongly preferred. Demonstrated experience communicating cybersecurity risks, strategies, and recommendations to executive leadership, boards of directors, and key stakeholders. Benefits Health, Dental & Vision Insurance (premiums paid up to 99% for employee coverage). Options include PPO, HDHP, HMO andACO. Multiple carrier options. FSA (dependent and medical), HSA options (for qualified plans) and supplemental insurance options. $10,000 employer‑paid Life Insurance & AD&D (employees have the option to buy up). Paid holidays. Paid time off. Paid sick leave. Flexible “hybrid” work environment. Retirement plan (401k). Professional training & development opportunities. Physical Requirements Ability to remain in a stationary position and/or move throughout the workday, including standing, walking, sitting, speaking, and driving for extended periods as needed. Ability to occasionally lift and/or move up to 20 pounds. Travel requirements: up to 20% of the time. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions of the position. AAP/EEO Statement FIT Solutions is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. We will not tolerate discrimination or harassment based on any of these characteristics. #J-18808-Ljbffr