CMMC Assessor

SP6 is seeking a compliance professional ready to take the next step in their career! In this role, you will play a key part in delivering CMMC C3PAO assessments for organizations pursuing certification, while also contributing to advisory services that support our clients' broader compliance objectives.

Joining our Compliance team, you will see your impact across the company as you take ownership over customer projects and advising our platform team on the different compliance rules.   

CMMC Assessments

• Conducting formal assessments of organizations’ cybersecurity practices against using the CMMC assessment process (CAP).
• Collaborate with client organizations to plan assessments, develop assessment schedules, and ensure readiness
• Assess the effectiveness of security measures practices and ensure they align with the CMMC practices and processes for the assigned maturity level.
• Interview key personnel within the organization to understand how cybersecurity practices are implemented and maintained.
• Collect and evaluate sufficiency and adequacy of evidence, such as system logs, incident reports, and audit trails, to verify implementation.
• Maintain an objective and unbiased stance during the assessment process, ensuring that conclusions are based on facts and evidence.
• Ensure that all documentation is properly prepared for submission to the eMASS if the organization is seeking certification.
• All team members – from leadership to individual contributors – will also assist with the development of our CRC (Cyber Risk & Compliance) delivery processes and methodologies.

Other Responsibilities

• Lead with a “customer first” attitude and be an exhibitor of SP6’s Core Values, as an example to other team members

• CMMC Certified Assessor (CCA) or Certified Professional (CCP).
• CISSP, CISM, CISA, CRISC or other related certification.
• 2 minimum years of experience testing and documenting IT security controls including experience managing and facilitating external IT audits.
• 2 minimum years of experience leading external or internal audits, e.g., CMMC, FedRAMP, ISO 27001, PCI.
• 2 minimum years of experience with cybersecurity.
• Self-driven, with a strong desire to succeed.
• Ability to engage with customers/executives and foster positive relationships.
• Exceptional communicator and ability to relay complex technical concepts to non-technical audience.

• The chance to be part of a winning team and a premier C3PAO.
• Competitive salary.
• Quarterly Bonus plan.
• Comprehensive medical, dental, and vision plans.
• 401(k) with company match.
• 30 days annual paid time off.
• Significant Training and Development and Certification attainment.
• Opportunity for long term career advancement.
• Your contributions are felt and recognized at our growing company.

SP6 is an industry recognized C3PAO (Certified Third-Party Assessor Organization) dedicated to assisting organizations in effectively identifying and managing cyber risks while ensuring compliance with industry standards, federal laws, and regulations.

SP6 has developed, ASCERA, a powerful automation tool bringing security and compliance teams closer together by providing real-time testing of security controls to determine effectiveness and gather system generated evidence.