- Company Name
- ASCERA
- Job Title
- Security Compliance Consultant
- Job Description
**Job title**
Security Compliance Consultant
**Role Summary**
Provide expert guidance to organizations on cybersecurity compliance, focusing on NIST SP 800‑171, CMMC, FedRAMP, DFARS 7012, and related frameworks. Lead gap assessments, develop POA&M plans, conduct formal C3PAO assessments, and support ongoing compliance initiatives. Deliver training, advise product teams on monitoring tools, and maintain strong client relationships.
**Expectations**
- Act as a trusted compliance SME for defense industrial base clients.
- Own customer projects, ensuring timely delivery of assessments and readiness plans.
- Translate regulatory requirements into actionable controls and business processes.
- Communicate findings and recommendations to technical and non‑technical stakeholders.
- Maintain professional certifications and stay current with evolving compliance standards.
**Key Responsibilities**
- Lead cybersecurity gap assessments aligned with NIST SP 800‑171 and CMMC.
- Conduct C3PAO assessments: plan schedules, interview personnel, evaluate evidence, and prepare documentation for eMASS.
- Develop and implement Plans of Action and Milestones (POA&M).
- Advise on FedRAMP, DFARS 7012, and other federal compliance initiatives.
- Deliver training to internal teams and clients on compliance controls and testing methods.
- Support the ASCERA product team with NIST continuous monitoring integration.
- Foster relationships with clients, executives, and internal stakeholders.
- Perform tests of design and operating effectiveness for IT controls.
**Required Skills**
- Proficient in NIST SP 800‑171, CMMC, FedRAMP, DFARS 7012, ISO 27001, PCI, and related frameworks.
- Ability to conduct formal assessments, gap analysis, and develop POA&M.
- Strong communication skills for translating technical concepts to non‑technical audiences.
- Project management skills: schedule planning, documentation, and stakeholder coordination.
- Analytical mindset to evaluate evidence and maintain objective assessment integrity.
**Required Education & Certifications**
- Minimum 2 years of experience testing and documenting IT security controls.
- Minimum 2 years of experience leading external/internal audits (CMMC, FedRAMP, ISO 27001, PCI).
- Minimum 2 years of cybersecurity experience.
- Certifications: CMMC Certified Assessor (CCA) or Certified Professional (CCP); plus one of Security+, CySA+, CISA, CISM, SSCP, CISSP, or equivalent.
Clearwater, United States
Remote
Junior
04-02-2026