What are the responsibilities and job description for the CMMC (Cybersecurity Maturity Model Certification) Consultant position at Tenacious Solutions?
Tenacious Solutions, LLC is seeking a CMMC (Cybersecurity Maturity Model Certification) Consultant with an active secret clearance to provide guidance and support to our team in achieving compliance with the latest CMMC 2.0 requirements. This is a part-time, flexible position ideal for a subject matter expert with CMMC implementation experience. This position will be mainly remote, but may have occasional on-site requirements in Arlington, VA.
Primary job duties and responsibilities:
- Assess Organizational Readiness: Evaluate current cybersecurity practices and gaps in relation to the three CMMC 2.0 levels (Foundational, Advanced, Expert).
- CMMC Certification Guidance: Provide expert advice on the steps required to achieve and maintain certifications for Levels 1, 2, 3 and 4. This includes guidance on self-assessments, third-party certifications, and government-led assessments.
- Compliance Strategy: Develop a comprehensive roadmap for achieving CMMC compliance, including identifying necessary controls and policies, implementing NIST SP 800-171/800-172 requirements, and addressing Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) security.
- Incident Reporting & Continuous Compliance: Provide guidance on establishing continuous monitoring and compliance processes, including the rapid reporting of security incidents (72-hour notification) and annual affirmations of compliance.
- Technical Execution: Lead the technical implementation and execution of the developed technical strategy.
- Training & Awareness: Conduct training sessions on the CMMC requirements and how to implement appropriate cybersecurity controls.
- Client Engagement: This role would potentially include consulting with our clients to assess and address CMMC requirements and support implementations.
The ideal candidate will have:
- Active Secret Clearance or higher required.
- Bachelor's degree from an accredited university, preferably in an IT-related field.
- 5 years of experience in the IT Security / Cybersecurity industry.
- Over 5 years of experience in cybersecurity consulting, specializing in DoD contracts, compliance frameworks (e.g., NIST SP 800-171), and CMMC implementation.
- Certification as a CMMC Registered Practitioner (RP), CMMC Assessor (CCA), or Certified CMMC Professional (CCP).
- Extensive knowledge of CMMC practices, NIST 800-171, and related frameworks (e.g., ISO 27001).
- Strong understanding of federal cybersecurity regulations such as DFARS and FISMA.
- Proficient in tools like eMASS and ACAS, with extensive knowledge of cybersecurity standards (NIST 800-171, NIST 800-172).
- Previous experience working for a CMMC RPO or C3PAO (Candidate or Authorized) is highly desired.
- Expertise in setting up an authorized CMMC Third Party Assessment Organization (C3PAO).
- Proficient with new CMMC 2.0 requirements and knowledgeable about the Department of Defense's recently released final rule for the Cybersecurity Maturity Model Certification (CMMC) Program.
- Experience working with the Defense Industrial Base (DIB) and handling Controlled Unclassified Information (CUI).
- Prior experience developing Plans of Action and Milestones (POA&M) for cybersecurity compliance.
- Familiarity with the latest DFARS Clause 252.204-7021 requirements and the implications of the August 2024 CMMC 2.0 updates.
- Proven ability to conduct gap analyses, remediation planning, and implementation advisory.
- Ability to track detailed tasks and ensure timely delivery of project deliverables.
- Ability to work independently and as a part of a team.
- Critical thinking and ability to balance security requirements with mission needs.
- Must be well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.
- Excellent written and verbal communication skills, with the ability to translate complex compliance details into clear, actionable guidance for non-technical audiences.