CMMC Assessment Lead
About SecureITSM
SecureITSM is a Certified CMMC Managed Service Provider (MSP) supporting Department of Defense (DoD) contractors that must obtain and maintain Cybersecurity Maturity Model Certification (CMMC). SecureITSM is a CMMC Certified Organization (CMMC UID #L200002160) and has developed a proprietary CMMC documentation and compliance platform designed to streamline assessment preparation, evidence management, and ongoing compliance operations.
We are seeking a highly organized and technically skilled CMMC Assessment Lead to oversee the planning, preparation, coordination, and support of customer CMMC assessments conducted by authorized C3PAOs. This role is critical to ensuring our customers successfully achieve and maintain compliance with NIST SP 800-171 Rev. 2 and future Rev. 3 requirements.
The ideal candidate combines deep cybersecurity and compliance expertise with exceptional project management, customer communication, and assessment defense capabilities.
Location and Travel: This is a remote position with occasional travel required to support customer assessments.
Position Summary
The CMMC Assessment Manager will oversee customer assessment readiness activities from initial scheduling through final assessment support and remediation coordination. The role requires direct interaction with customers, assessors, internal engineering teams, and executive leadership.
This individual will manage multiple concurrent customer engagements while ensuring assessment artifacts, implementation statements, policies, procedures, and evidentiary documentation are accurate, complete, and defensible.
Key Responsibilities
Plan and Coordinate Assessments (Primary)Maintain the master CMMC customer assessment schedule
Coordinate assessment timelines with customers, C3PAOs, and internal SecureITSM teams
Conduct readiness reviews and pre-assessment planning meetings
Track customer assessment milestones, dependencies, and remediation activities
Manage customer communications related to assessment preparation and scheduling
Coordinate Rules of Engagement (ROE), assessment logistics, and secure evidence transfer processes
Monitor assessment status and provide executive-level reporting on customer readiness
Assist customers in understanding assessment scope, boundary definitions, and enclave considerations
Prepare Assessment Packages (Primary)Update implementation statements as needed
Gather and organize evidentiary artifacts
Coordinate customer evidence collection activities
Review SSPs, policies, procedures, and supporting documentation for assessment readiness
Validate evidence traceability to NIST SP 800-171 requirements and assessment objectives
Prepare assessor-ready evidence packages and artifact repositories
Conduct internal quality assurance reviews of documentation and evidence
Identify documentation gaps and coordinate remediation activities
Support development and maintenance of Plans of Action & Milestones (POA&Ms)
Ensure documentation aligns with evolving CMMC and NIST guidance
Support Customer Assessments (Primary)Attend and actively support customer assessments
Actively defend implementations and evidence presented to assessors
Coordinate assessment interviews and technical demonstrations
Support mock assessments and readiness exercises for customers
Assist customers in responding to assessor requests and follow-up questions
Document assessment observations, findings, and remediation actions
Coordinate post-assessment remediation activities and evidence resubmissions when required
Serve as a trusted advisor throughout the certification lifecycle
Maintain SecureITSM’s Authorization and Compliance (Secondary)Conduct SecureITSM’s annual self-assessment activities
Maintain internal compliance documentation and evidentiary artifacts
Coordinate annual evidence collection activities (e.g., training certificates, access reviews, vulnerability scans)
Assist with internal policy and procedure updates
Support ongoing continuous monitoring and compliance validation activities
Track changes to CMMC, NIST SP 800-171, and related DoD guidance affecting internal compliance posture
Implementation Statement Management (Secondary)Maintain and update SecureITSM master implementation statement libraries aligned to NIST SP 800-171 and evolving CMMC guidance
Develop and maintain industry-specific implementation statement sets (e.g., manufacturing, engineering, professional services, telework-only environments)
Standardize implementation language and evidence expectations across customer environments
Coordinate updates to implementation statements based on assessment findings, regulatory changes, and best practices
Validate implementation statements for technical accuracy, completeness, and assessor defensibility
Support continuous improvement of SecureITSM’s proprietary documentation platform and implementation content library
Maintain and Improve Standard Operating Procedures (Secondary)Develop and maintain assessment preparation Standard Operating Procedures (SOPs)
Continuously improve evidence collection and assessment support workflows
Create standardized templates, checklists, and assessment playbooks
Document lessons learned and incorporate process improvements
Maintain internal knowledge base articles and operational documentation
Assist in refining SecureITSM’s proprietary CMMC documentation platform workflows and processes
Required QualificationsU.S. Citizenship required
Detailed understanding of Microsoft Azure, Microsoft Defender, Microsoft Sentinel, Microsoft 365 GCC/GCC High, and related Microsoft security technologies
6+ years of cybersecurity experience with strong focus on NIST SP 800-53 and/or NIST SP 800-171
Experience supporting compliance assessments, audits, or certification activities
Strong understanding of CMMC assessment methodology and evidence requirements
Excellent technical writing and communication skills
Strong project management and organizational abilities
Exceptional attention to detail
Ability to manage multiple customer engagements simultaneously
Experience working directly with external assessors, auditors, or regulatory bodies
Familiarity with secure project management and compliance collaboration platforms
Preferred QualificationsPMP certification preferred
CMMC Certified Professional (CCP) or Certified Assessor (CCA) preferred
CISSP, CISM, or equivalent cybersecurity certification preferred
Experience supporting DoD contractors or working within the Defense Industrial Base (DIB)
Familiarity with FedRAMP and DFARS 252.204-7012
Experience with SIEM, vulnerability management, and endpoint protection technologies
Key AttributesStrong leadership and customer engagement skills
Ability to remain composed and professional during high-pressure assessment activities
Analytical thinker with strong problem-solving capabilities
Self-motivated with ability to work independently
Collaborative team player with strong interpersonal skills
High level of integrity and professionalism
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, status as a protected veteran or any other basis prohibited by law.
#ZR