
Manager, CMMC Cybersecurity Assessor
Forvis Mazars US, Springfield, MO, United States
Description & Requirements
The IT Risk & Compliance team helps organizations manage IT governance, cybersecurity, and regulatory compliance across industries. With expertise in frameworks like CMMC, NIST, and ISO 27001, they offer services including IT audits, risk assessments, ransomware simulations, and control testing. Their tailored strategies ensure data security, regulatory alignment, and operational continuity, empowering clients to navigate today's complex digital risk landscape with confidence.
What You Will Do
Lead the execution of information security risk and compliance assessments across federal and government-mandated cybersecurity frameworks, including:
CMMC (Cybersecurity Maturity Model Certification)
NIST SP 800-171 and 800-53
FedRAMP/StateRAMP
NIST Cybersecurity Framework (CSF)
Oversee the evaluation of IT environments to identify compliance gaps and security vulnerabilities; ensure delivery of comprehensive reports with strategic recommendations and proof-of-concept solutions.
Manage and direct NIST SP 800-171 assessments to support CMMC Level 2 certification readiness, ensuring alignment with evolving regulatory requirements.
Provide leadership to consulting teams supporting large enterprise clients across diverse industries by:
Defining system boundaries and scoping in-scope environments
Guiding the development of critical documentation, including System Security Plans (SSPs), policies, procedures, POA&Ms, and cybersecurity strategies
Designing and implementing integrated compliance solutions to streamline processes, enhance data flows, and reduce cyber risk
Drive project delivery by managing multiple concurrent engagements, ensuring adherence to timelines, budgets, and quality standards.
Spearhead the development of new strategic service offerings in the federal cybersecurity compliance space, including:
Designing scalable solution frameworks and roadmaps
Mentoring and developing junior team members
Supporting business development initiatives and client relationship management
Minimum Qualifications
Bachelor's Degree in Cybersecurity, Management Information Systems (MIS), Computer Science, or a related field
5+ years of relevant experience in cybersecurity, IT audit, or governance, risk, and compliance (GRC)
Experience in at least one of the following frameworks:
NIST Cybersecurity Framework (CSF)
Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800-171
Payment Card Industry Data Security Standard (PCI DSS)
ISO 27001 / 27002
FedRAMP / StateRAMP
FISMA and NIST SP 800-53
CIS Critical Security Controls
Experience providing consulting, assessment, or implementation services associated with federal cyber compliance frameworks, including NIST 800-171, FISMA, or FedRAMP.
Working knowledge of cyber risk management frameworks (CMMC / NIST 800-171, FISMA, FedRAMP, NIST CSF, NIST SP 800-53)
General knowledge of common compliance frameworks (PCI DSS, ISO 27001, HIPAA/HITRUST)
Proficiency in Microsoft Office Suite
CMMC Certified Assessor (CCA) credential
Preferred Qualifications
Professional services or consulting experience
Current and valid cybersecurity and/or privacy-related certification(s), including but not limited to: CISSP, CISA, CISM, QSA, and CIPP