About AG Grace, Inc.
AG Grace, Inc. is a cybersecurity and compliance consulting firm specializing in CMMC 2.0 readiness, NIST SP 800-171 compliance, DFARS 252.204-7012 / 7019 / 7020 advisory, and defense-sector cyber risk management. We partner with clients across aerospace, defense, manufacturing, software, and healthcare to build resilient, audit-ready programs that align with DoD requirements and industry best practices.
Position Overview
The CMMC Certified Professional (CCP) will serve as a hands-on compliance assessor, advisor, and project lead supporting our CMMC 2.0 readiness engagements. This role bridges technical cybersecurity knowledge and compliance interpretation, guiding clients through scoping, gap assessment, remediation, and readiness for C3PAO certification.
The ideal candidate has a strong grasp of NIST SP 800-171, CMMC Level 1 and Level 2 controls, and experience with both technical controls and governance documentation (SSP, POA&M, policies). You'll work closely with vCISOs, engineers, and client stakeholders to deliver measurable compliance outcomes.
Key Responsibilities
Conduct CMMC 2.0 Gap Assessments and readiness reviews for client environments across diverse industries.
Interpret and apply CMMC and NIST SP 800-171 controls to assess compliance posture and identify gaps.
Assist in defining system boundaries, data flow diagrams, and in-scope assets for FCI / CUI.
Draft or refine key compliance documents including:
System Security Plans (SSP)
Plans of Action and Milestones (POA&M)
Security policies, standards, and procedures
Risk assessments and evidence artifacts
Support remediation and implementation of both technical and administrative controls.
Work directly with client technical teams to validate control implementation (MFA, logging, EDR, encryption, patching, backups, etc.).
Prepare clients for mock assessments and C3PAO audits, including interview coaching and artifact validation.
Maintain up-to-date knowledge of CMMC, DFARS, NIST, FedRAMP, FIPS, and DoD cybersecurity developments.
Contribute to continuous improvement of AG Grace's assessment methodologies and templates.
Optionally mentor junior analysts or contribute to internal training content for AG Grace's CMMC practice.
Qualifications
Required:
Active CMMC Certified Professional (CCP) credential from the Cyber AB.
5-7 years of experience in cybersecurity, compliance, or audit (DoD, defense industrial base, or regulated industry).
Working knowledge of NIST SP 800-171, CMMC 2.0 Levels 1 and 2, and related DFARS clauses.
Experience developing SSPs, POA&Ms, and evidence documentation.
Understanding of core cybersecurity domains: access control, incident response, configuration management, system hardening, and vulnerability management.
Excellent communication, presentation, and client-facing skills.
U.S. Citizenship required (due to DoD client engagements).
Preferred:
Active CISSP, CISA, CISM, CAP, or Security+ certification.
Familiarity with NIST SP 800-53, 800-171A, 800-37, 800-30, and ISO 27001.
Experience with C3PAO readiness activities or as part of an accredited assessment team.
Prior experience with defense, aerospace, or manufacturing clients.
Experience supporting MSP / MSSP or cloud (Microsoft GCC High, AWS GovCloud, etc.) environments.
Key Competencies
Analytical and detail-oriented with strong risk-based decision-making skills.
Ability to translate technical controls into business language for executives.
Confident facilitator and communicator across cross-functional teams.
Proven ability to manage multiple clients and deadlines in a consulting environment.
Strong writing and documentation skills.
What We Offer
Competitive compensation and performance bonuses.
Comprehensive benefits (medical, dental, vision, 401(k)).
Paid training, exam reimbursement, and certification support.
Flexible hybrid or fully remote work model.
Opportunity to advance to CMMC Certified Assessor (CCA) and leadership roles.
A mission-driven environment protecting the U.S. defense supply chain.
Cyber • Frederick, MD, United States