CMMC Compliance Consultant

Company Description

Agile IT is a Microsoft AOS-G partner and Cyber AB Registered Practitioner Organization (RPO) serving the Defense Industrial Base (DIB). We specialize in helping defense contractors meet CMMC compliance and operate securely in Microsoft cloud environments. As a C3PAO candidate, we are building a purpose-built, compliance-oriented Managed Service Provider (MSP) and are seeking individuals to help shape this next chapter.

Job Description

The CMMC Compliance Consultant serves as the subject matter expert responsible for guiding DIB clients through the complete CMMC lifecycle. You will own engagements end-to-end, from initial gap assessments to producing assessor-ready documentation. You will be the technical authority clients rely on for complex compliance requirements. This practitioner-level role involves scoping CUI environments, building compliant System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms), and translating regulatory language into actionable guidance. You will also participate in pre-sales calls, deliver executive readouts, mentor junior consultants, and contribute to refining the practice's methodology.

What You’ll Own

• Assessment and Advisory: Lead and execute CMMC Level 2 gap assessments against all 110 NIST SP 800-171 Rev 2 practices across the 14 control domains. Conduct readiness reviews and deliver findings with prioritized remediation roadmaps.
• Assessor-Ready Documentation: Author and maintain SSPs, POA&Ms, policies, procedures, and implementation narratives using the NIST SP 800-171A examine, test, and interview methodology. Build CMMC-scoped network diagrams, data flow diagrams, and CUI boundary documentation.
• CUI Environment Scoping: Evaluate client environments scoped to CUI systems, including Microsoft 365 GCC and GCC High, Intune, and Microsoft Defender for Endpoint, as well as specialized platforms like PreVeil.
• Client Engagement: Serve as the primary technical point of contact for assigned DIB accounts throughout the compliance lifecycle. Facilitate interviews with client staff to validate controls and gather evidence, and present status and executive readouts with clarity.
• GRC Platform Integrity: Own data integrity within the GRC platform (e.g., IntelliGRC) for SSP management, POA&M tracking, and evidence management.
• Practice Development: Improve internal CMMC methodologies, templates, and tooling. Mentor junior consultants and stay current with CMMC Program rule changes (32 CFR Part 170, DFARS 252.204-7021) and Cyber AB guidance updates.

Qualifications

Required:

• Active CMMC Certified Professional (CCP) credential in good standing with the Cyber AB.
• Active CMMC Certified Assessor (CCA) credential in good standing with the Cyber AB.
• Minimum 5 years of progressive IT experience, with at least 2 years focused on cybersecurity.
• Minimum 1 year of direct CMMC, DFARS 252.204-7012/7021, NIST SP 800-171, or other compliance consulting experience.
• Demonstrated expertise in scoping CUI environments and applying NIST SP 800-171 Rev 2 across all 14 control families.
• Hands-on experience with Microsoft 365 Commercial, GCC, and/or GCC High environments in a CMMC compliance context.
• Working knowledge of Azure Sentinel, Microsoft Defender for Endpoint (MDE), and Intune within CMMC-scoped environments.
• Strong proficiency in writing SSP implementation narratives, NIST 800-171A-aligned assessment procedures, and POA&M documentation.
• Familiarity with FedRAMP Moderate authorization requirements and cloud service provider boundary scoping.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a closely related field.

Preferred:

• Experience with PreVeil, Lifeline, or other CUI-designated encrypted collaboration platforms.
• Experience supporting multi-site CMMC Level 2 assessments in manufacturing, defense electronics, or aerospace sectors.
• Prior experience as a C3PAO team member on an assessment.
• Experience with GRC platforms such as IntelliGRC or equivalent.

Additional Information

• Department: Compliance.
• Reports to the Lead CMMC Compliance Manager.
• Full-time, fully remote position.

Agile IT runs on its RISE values: Reliability, Integrity, Stewardship, and Excellence. We hire people who live them.