Cybersecurity Consultant - CMMC Certified Assessor (CCA)

Gray Analytics was founded in 2018 with a vision to bring innovative and creative solutions in the cybersecurity, IT, engineering, and scientific spheres. Our customers span across the commercial and federal domains with our goal being to bring excellent customer service to our clients and employees.

Without the bureaucracy that often exists in larger corporations, Gray Analytics offers increased work flexibility, visibility in company progress, and greater opportunities for advancement. It's with our employees' support that we can help our clients achieve mission and operational success.

At Gray Analytics, our goal is simple: to help our country, its businesses, and its organizations improve security in the Cyber realm. Period.

Position Title: Cybersecurity Consultant - CMMC Certified Assessor

Location: Fully Remote

Travel Required: 50% both CONUS and OCONUS

Status: Full-time; Exempt

Position Description:

Gray Analytics is seeking a motivated and dedicated Senior Cybersecurity Consultant that is a recognized CMMC Certified Assessor (CCA) by the CyberAB to assess, advise, and support commercial clients.

Other duties may include:

• Conduct comprehensive assessments of Defense Industrial Base (DIB) organizational networks and systems to identify any vulnerabilities and to confirm they meet the necessary CMMC level requirements.
• Work with organizations to design and implement security measures and controls, in line with CMMC standards, to protect sensitive data and systems from infiltration and cyber-attacks.
• Coordinate with various teams within an organization to develop and implement the action plans necessary to achieve CMMC compliance.
• Assist organizations with the review and update of existing security policies and procedures to align with evolving CMMC requirements and best practices in cybersecurity.
• Prepare detailed reports on the status of an organization's CMMC compliance.
• Keep abreast of the latest cybersecurity threats and trends, as well as updates to the CMMC framework.
• Achieve utilization targets, complete projects on time and budget, and meet quality standards.
• Study, learn, test, document, execute and seek to continuously improve scalable consulting services processes to effectively deliver customer engagements while achieving a high level of customer satisfaction.
• Execute project planning, scheduling, and other coordination of internal and customer resources to conduct interviews, meetings, and presentations.
• Prepare and deliver thoughtful, insightful, and professional presentations to customers and internal Gray Analytics stakeholders.
• Create, review and edit findings, observations, and recommendations reports.
• Become knowledgeable of Gray Analytics service offerings, sales process, marketing materials, contract and SOW structure, methodologies, delivery standards, work tools, and processes.
• Pursue additional education and stay current on best practices, technical skills, and tools related to the position's duties.
• This position has significant interaction with internal and external stakeholders, including colleagues, customers, partners, subcontractors, and potential investors. This position requires a strong customer service orientation and the ability to:
• Work independently on a variety of projects simultaneously,
• Exercise good judgment and initiative to manage priorities,
• Quickly develop trusting relationships with a variety of Defense Industrial Base compliance and information system professionals,
• Pose questions and listen to customer responses effectively to draw out essential facts, data, business process descriptions, sensitivities, and perspectives, and
• Demonstrate strong organizational abilities, effective writing skills, and communications skills.
• Develop presentations with clear messages, and effective slides, and deliver these presentations to senior executives
• Lead teams of internal and external stakeholders to drive security projects forward
• Identify and manage client engagement risks and issues

Required Qualifications:

Must be a CMMC Certified Assessor - CCA

• Strong understanding and experience with Cybersecurity Risk Management principles with an emphasis on Framework Adoptions.
• Specific expertise in at least one of the below frameworks required:
  • NIST Cybersecurity Framework (NIST CSF)
  • NIST Risk Management Framework (NIST RMF)
  • DoD Cybersecurity Policies including DFARS 7012, NIST 800-171 and CMMC
  • HIPAA Security Rule / HITRUST
  • ISO 27001 o System and Organizational Controls (SOC)
  • Center for Internet Security (CIS)
• Ability and experience conducting Risk Assessments to include NIST 800-30 and/or CIS RAM methodologies.
• In-depth understanding of cyber security policy, tools, threat mitigation techniques, network topologies, and secure network design.
• Ability to identify project requirements, develop project costs/schedules, coordinate technical activities, and implement risk mitigation activities.
• Experience leading or conducting cyber assessments.
• Experience in designing and reviewing system architecture designs.
• Excellent technical writing and verbal communication skills.
• Ability to present findings and recommendations to an executive team or board.

Preferred Qualifications:

• CMMC Provisional Assessor (PA) / Certified Assessor (CCA) / Certified Professional (CCP)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Privacy Professional (CIPP)
• Certified Ethical Hacker (CEH) or equivalent
• Certified Incident Handler (ECIH) or equivalent
• COMPTIA Security+, GIAC Security Essentials (GSEC), or equivalent

Security Requirements:

An Active Secret Clearance is required at the time of hire in order to be considered.

About Gray Analytics

Gray Analytics values our employees as our most important resource. To showcase these values, we offer not only traditional medical, disability, life, etc. coverages that begin on day one of employment, but also unique benefits to improve our employees' quality of life. Some of these unique benefits include:

• A PTO policy based on total years of experience, not years of service to the company. PTO is available for use immediately at hire, subject to company needs.
• Eligibility for 401K contributions and company matching, Pet Insurance through Spot, Flexible Spending Account, and Tuition and Professional Development Funds begin on day one of employment.
• Charitable donations program on a yearly and quarterly basis where employees can nominate a non-profit of choice to receive donations.

Gray Analytics is an Equal Opportunity Employer and VEVRAA Federal Contractor. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, gender identity, sexual orientation, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, protected veteran status or disability. Gray Analytics, Inc. welcomes minority and veteran applicants.