CMMC Certified Systems Security Manager

Apolis

Logan, UT

JOB DETAILS
SALARY
$90–$92 Per Hour
SKILLS
Cloud Computing, Computer Security, Documentation, Gap Analysis, Maintain Compliance, Quality Assurance Methodology, Risk Management Framework (RMF), Security Analysis, Security Monitoring, Systems Administration/Management, Traceability, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD)
LOCATION
Logan, UT
POSTED
30 days ago

CMMC Certified Systems Security Manager
Logan, UT
6+ Months

Overview

We are seeking a Lead CMMC Certified Assessor (LCCA) and Senior Information Systems Security Manager (ISSM) with extensive Department of Defense (DoD) Risk Management Framework (RMF) experience to lead security control assessments, CMMC readiness, and Authorization to Operate (ATO) efforts across cloud and on-premises environments. This role requires deep expertise in NIST SP 800-53, NIST SP 800-171/171A, CMMC 2.0 Level 2, and DoD cloud security requirements, with a strong ability to translate complex control environments into defensible audit outcomes.

The ideal candidate is a trusted advisor to System Owners, ISSOs, and Authorizing Officials, capable of driving assessment success through rigorous evidence review, gap analysis, and remediation strategy.

Key Responsibilities

CMMC & NIST Compliance Leadership

  • Lead CMMC 2.0 Level 2 readiness and assessment preparation, including scoping, boundary definition, and High-Value Asset (HVA) identification.
  • Validate security controls against NIST SP 800-171 and 800-171A Assessment Objectives using examination, interview, and testing methodologies.
  • Provide advisory support to OSCs and C3PAOs, ensuring alignment with the CMMC Assessment Process (CAP).

RMF & ATO Execution

  • Lead DoD RMF lifecycle activities (Categorize, Select, Implement, Assess, Authorize, Monitor) for cloud and on-prem systems.
  • Prepare systems for DoD Client, reauthorizations, and extensions across FedRAMP, FedRAMP+, IL4, and IL5 environments.
  • Serve as Security Control Assessor (SCA-O) conducting formal and internal control assessments aligned with NIST SP 800-53.

Audit & Evidence Quality

  • Conduct rigorous objective evidence (artifact) reviews to ensure compliance, traceability, and audit defensibility.
  • Review and improve System Security Plans (SSPs), POA&Ms, and security artifacts to meet assessor and AO expectations.
  • Develop and refine Security Requirements Implementation Statements (SRIS) and assessment-ready documentation.

About the Company

Apolis

Since 1996, RJT has provided successful SAP, Oracle, and IT consulting solutions and staffing services to clients around the world. The new Apolis brings you the same personalized service fortified with a greater array of IT solutions, global expertise, and cost-management strategies.

We are a global IT consultancy that seamlessly integrates experts and leading-edge solutions into your organization so you can focus on what really matters.

COMPANY SIZE
500 to 999 employees
INDUSTRY
Computer/IT Services
EMPLOYEE BENEFITS
Paid Sick Days, Employee Referral Program, Employee Events, Retirement / Pension Plans
WEBSITE
https://www.apolisrises.com/