Job Description

Own The Role:

SP6 (C3PAO Authorized Organization) is looking for a Compliance SME wanting to take the next step in their career! In this role, you will assist organizations in solidifying and strengthening their security posture while also conducting assessments for those pursuing certification.

Joining our Compliance team, you will see your impact across the company as you take ownership over customer projects and advising our platform team on the different compliance rules.

From there, you will be supporting Defense Industrial Base (DiB) companies to ensure they are CMMC and/or NIST 800-171 compliant. You will accomplish this through providing pre-audit readiness and GAP assessments, plans of action and milestones (POA&M) support, Compliance as a Service (CaaS), and official C3PAO assessments.

How You’ll Drive Success:

Advisory Services

• Leading cybersecurity gap assessments aligned with NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC).
• Supporting the day-to-day activities of engagements for external clients, as a contributing member of SP6’s customer-facing Cyber Risk & Compliance practice.
• Assist external customers in their FedRAMP, DFARS 7012, CMMC, and NIST 800-171 compliance initiatives.
• Applying cyber compliance / risk management knowledge, control principles and technical knowledge across cyber risk and compliance engagements.
• Consulting with end clients to gather requirements and understand our clients' key business and security challenges. Working with team members to advise on practical and cost-effective solutions to help mitigate our clients’ cybersecurity risks and challenges.
• In depth knowledge of relevant security regulatory compliance requirements and translating those into business processes and security controls to enhance and support client’s compliance and audit capabilities.
• Articulating and defending IT controls testing approach and performing test of design and operating effectiveness.
• Develop and deliver training to internal teams and customers.
• Establishing and maintaining effective working relationships with colleagues, existing clients, and prospective client organizations.
• Supporting the ASCERA product team and advising them on SP6’S NIST continuous monitoring software.

C3PAO Assessments

• Conducting formal assessments of organizations’ cybersecurity practices using the CMMC assessment process (CAP).
• Collaborate with client organizations to plan assessments, develop assessment schedules, and ensure readiness
• Assess the effectiveness of security practices and ensure they align with the CMMC practices and processes.
• Interview key personnel within the organization to understand how cybersecurity practices are implemented and maintained.
• Evaluate sufficiency and adequacy of evidence to verify implementation.
• Maintain an objective and unbiased stance during the assessment process, ensuring that conclusions are based on facts and evidence.
• Ensure that all documentation is properly prepared for submission to eMASS if the organization is seeking certification.

To Be Successful:

• 5-8 years of experience testing and documenting IT security controls including experience managing and facilitating external IT audits.
• 5 years of experience leading external or internal audits, e.g., CMMC, FedRAMP, ISO 27001, PCI.
• 3 years of experience building security programs in alignment with NIST, CSF, NIST 800-53 and/or NIST 800-171.
• 3 years of experience with Cloud Security.
• CMMC Certified Assessor (CCA) or Certified Professional (CCP).
• CISSP, CISM, CISA, CRISC or other related certification.
• Self-driven, with a strong desire to succeed.
• Ability to engage with customers/executives and foster positive relationships.
• Exceptional communicator and ability to relay complex technical concepts to non-technical audience.

Why SP6?

• Recognized as one of North America’s top professional service partners.
• The chance to be part of a winning team and a premier Splunk partner.
• Competitive salary and OTE.
• 100% employer-paid health insurance (Gold-rated plan).
• 401(k) with company match.
• 30 days of annual paid time off (4 weeks Paid Time Off + Holidays)
• Significant Training and Development and Certification attainment.
• Opportunity for long-term career advancement.
• Your contributions are felt and recognized by our growing company.
• Grown over 100% in the last 2 years.

About SP6:

SP6 is an industry recognized C3PAO (Certified Third-Party Assessor Organization) dedicated to assisting organizations in effectively identifying and managing cyber risks while ensuring compliance with industry standards, federal laws, and regulations.

SP6 has developed, ASCERA, a powerful automation tool bringing security and compliance teams closer together by providing real-time testing of security controls to determine effectiveness and gather system generated evidence.

#LI-REMOTE

Job Tags

Similar Jobs