Eccalon, LLC

Technical Cyber Advisor

Eccalon, LLC, Hanover, Maryland, United States, 21098

***This is a hybrid position with a minimum of three days per week on site in Hanover, MD***

Job Description

The Cybersecurity Advisor (CA) specializing in Cybersecurity Maturity Model Certification (CMMC) brings expert-level knowledge of IT and cybersecurity landscapes, and in-depth understanding of the CMMC framework. The Advisor will lead client organizations in achieving and maintaining CMMC compliance, serve as a trusted cybersecurity resource to technical and non‑technical stakeholders, and advise on cyber threats, technologies, and best practices to enhance overall security posture.

Key Responsibilities

Provide expert advice on risk analysis, incident management, compliance, and security architecture.

Develop and implement cybersecurity strategies tailored to the organization’s needs and risk profile.

Lead client organizations’ CMMC certification process, from initial assessment to final certification and continuous monitoring.

Develop and implement a CMMC compliance roadmap, including timelines, resource allocation, and key milestones.

Lead compliance and security assessments with various frameworks such as CMMC, ISO 27001, NIST 800‑171, NIST CSF, ISO 9001, and FedRAMP.

Act as the primary point of contact for all cyber compliance matters, liaising with senior management, external auditors, and other stakeholders.

Framework Implementation

Interpret and apply appropriate framework requirements to organization systems, processes, and policies.

Collaborate with IT, security, and operational teams to implement necessary controls and measures for compliance.

Gap Analysis and Remediation

Conduct comprehensive gap analyses to identify deficiencies relative to applicable requirements.

Develop and manage Plans of Action and Milestones (POA&Ms) to address gaps with timely corrective actions.

Policy and Procedure Development

Create and maintain policies, procedures, and documentation required for compliance, including System Security Plans (SSPs).

Ensure stakeholders are informed of and adhere to these policies.

Training and Awareness

Work with Instructional System Design teams to develop and deliver cybersecurity and awareness training.

Conduct tabletop exercises to prepare for security breaches.

Promote a culture of security awareness throughout the organization.

Audits and Assessments

Plan and conduct internal audits to evaluate control effectiveness and compliance.

Prepare for and support external audits by certified third‑party assessors (e.g., C3PAOs).

Continuous Monitoring and Improvement

Implement continuous monitoring processes to ensure ongoing compliance.

Regularly review and update security measures, policies, and procedures.

Stakeholder Engagement

Provide expert guidance and support to internal teams on CMMC and related initiatives.

Identify, assess, and mitigate risks associated with non‑compliance.

Develop risk management strategies aligned with security objectives.

Reporting and Documentation

Maintain comprehensive records of compliance activities, audit findings, and remediation efforts.

Prepare and present status reports to senior management, highlighting progress and next steps.

Required Qualifications

Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field.

Relevant certifications such as CISSP, CISM, CMMC‑AB Certified Assessor, or equivalent.

Extensive experience in cybersecurity, focusing on compliance and regulatory standards.

In‑depth knowledge of the CMMC framework.

Strong project management and multitasking skills.

Excellent communication and interpersonal skills.

Proficiency in developing and implementing security policies and procedures.

Analytical mindset with strong problem‑solving abilities.

Preferred Qualifications

Master’s degree in Cyber Security, Information Technology, Computer Science, or a related field.

Familiarity with other regulatory frameworks such as NIST SP 800‑171, ISO 27001, and DFARS.

Experience working with government contractors and understanding of the federal contracting process.

Strong technical background implementing security controls and technologies.

Ability to adapt to changing regulatory landscapes and organizational needs.
