Quality Assurance Individual, CMMC Assessments (CCA) (0001)

Quality Assurance Individual, CMMC Assessments (CCA)  

OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

Responsibilities and Duties

OCT currently has an opening for a Quality Assurance Individual, CMMC Assessments (CCA) to support the build-out of OCT’s CMMC Certified Third-Party Assessment Organization (C3PAO) practice. This position provides independent quality oversight of CMMC Level 2 certification assessments and must hold an active CCA certification. The role is named alongside the assessment team in the CMMC Level 2 assessment process and is subject to the same background investigation requirement.

Day to day responsibilities include:

• Provide independent quality assurance review of CMMC Level 2 certification assessments, ensuring methodology, evidence sufficiency, scoring, and determinations are consistent, complete, and defensible.
• Review assessment plans, evidence packages, working papers, and final reports prior to issuance of any Certificate of CMMC Status.
• Maintain and continuously improve the C3PAO quality management system in alignment with ISO/IEC 17020:2012 and Cyber AB requirements.
• Verify adherence to NIST SP 800-171A assessment procedures and to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements.
• Identify nonconformities, track corrective actions, and support internal audits and management reviews.
• Ensure assessment records are complete and retained per policy, and support DIBCAC and Cyber AB oversight and surveillance activities.
• Maintain independence from the assessment teams whose work is being reviewed in order to preserve impartiality of the quality function.

• Must be a U.S. Citizen. U.S. citizenship is mandatory for this role because all personnel participating in the CMMC Level 2 certification assessment process must complete a Tier 3 background investigation resulting in a determination of national security eligibility.
• Active Certified CMMC Assessor (CCA) certification in good standing (required for this role in addition to quality responsibilities).
• Must be able to obtain and maintain a favorable Tier 3 background investigation resulting in a national security eligibility determination (this is not a security clearance and is not for the purpose of government employment). The investigation will involve a credit, fingerprint, and law enforcement agency check.
• Bachelor’s degree in cybersecurity, information technology, quality management, or a related field, or equivalent professional experience.
• Typically 6+ years of cybersecurity, information assurance, audit, or quality experience, including NIST SP 800-171 / CMMC.
• Knowledge of ISO/IEC 17020:2012, quality management systems, and internal auditing practices.
• Familiarity with NIST SP 800-171 Rev 2, NIST SP 800-171A, and 32 CFR Part 170.
• Certifications such as CISA, ISO 17020 / quality auditor credentials, or CISSP preferred.
• Strong attention to detail, sound independent judgment, and the ability to maintain impartiality.
• Location / on-site: Remote-eligible with occasional to client sites travel as required.

Salary Range: $35- $50 hourly commensurate with experience, education, etc. This role may be available as either a part-time or full-time opportunity.