Position Responsibilities:
- Lead and manage projects (referred to as engagements): scoping, client readiness, assessment execution, report preparation, findings remediation (for advisory engagements), certification recommendations, and quality assurance to meet USG standards.
- Serve as primary point of contact for clients, senior stakeholders (CISO, VP Security, program managers), and regulators.
- Oversee and mentor a team of assessors, auditors, consultants, and technical experts, ensuring consistent methodology, quality of deliverables, and adherence to accreditation standards.
- Develop and implement program frameworks, playbooks, templates, and tools for efficient assessment deployment across client sites and systems.
- Identify and escalate risks, control gaps, and remediation pathways; collaborate with clients to develop Plans of Action & Milestones (POA&Ms) and track progress.
- Ensure continuous monitoring and compliance of client systems, supporting repeat assessments and beyond certification status.
- Partner with business development, capture, and proposal teams to build the practice, win new work, and expand service offerings in information assurance and cybersecurity.
- Maintain up-to-date awareness of regulatory standards and accreditation changes to the frameworks listed above, and integrate these changes into assessment/advisory thinking.
- Communicate complex technical findings and cybersecurity risks to non-technical leadership, providing actionable recommendations.
Qualifications:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or related field (Master’s a plus).
- 6+ years of experience in cybersecurity, information assurance, third-party assessments, or compliance (experience with other C3PAOs, assessor organizations, or consulting firms strongly preferred).
- Demonstrated experience managing assessment engagements under frameworks such as CMMC, NIST SP 800-171/800-53, FedRAMP, GovRAMP, NIST RMF, or similar.
- Strong technical understanding of cybersecurity controls, risk-based assessment methodologies, and audit criteria.
- Leadership experience managing teams, delegating work, mentoring staff and driving high performance.
- Excellent communication skills, with experience translating technical cyber and compliance issues into business-focused insights for senior leadership.
- Ability to travel (domestic and possibly international) to client sites for assessments or audits (travel % to be determined).
- Candidate will already have successfully undergone and completed the required DoD CMMC Tier 3 background investigation for immediate placement on assessments.
- Recognized LCCA or CCA (verifiable on CyberAB marketplace) OR recognized CCP with strong understanding and experience in RMF for DoD IT or FedRAMP/DISA’s FedRAMP+.
- Demonstrated ability to manage client engagements including project planning, overall delivery structure or methodology; ability to pivot if/when client’s business landscape drives project changes.
Preferred Qualifications:
- Experience with cloud environments (SaaS, IaaS, PaaS), DevSecOps, identity & access management, penetration testing or GRC toolsets.
- Previous experience in business development or growth of an assurance services practice.
What We Do
Aprio is a premier CPA and business advisory firm that advises clients and associates on how to achieve what’s next. Aprio’s associates work as integrated teams across advisory, assurance, tax, outsourcing, staffing and private client services, bringing the best thinking and personal commitment to each client. Across practices, Aprio brings together proven expertise, deep understanding and strategic foresight for industries including Manufacturing and Distribution; Non-Profit and Education; Professional Services; Real Estate and Construction; Retail, Franchise and Hospitality; and Technology and Blockchain.
Headquartered in Atlanta, Georgia, Aprio has grown to more than 1,000 team members. To serve clients wherever life or business may take them, Aprio’s teams speak more than 30 languages and work with clients in over 50 countries.









