**Location**

This is a remote opportunity open to candidates located anywhere in the U.S.

**The Main Responsibilities**

+ Execute continuous monitoring activities across a CMMC L2 enclave, ensuring ongoing compliance with NIST SP 800-171 controls
+ Maintain audit-ready evidence repositories, including policies, procedures, and technical artifacts
+ Perform periodic control assessments, validation, and remediation tracking
+ Support POA&M management, including identification, documentation, and closure of findings
+ Leverage GRC tools to manage controls, track compliance status, and maintain evidence
+ Collaborate with system owners, engineers, and ISSOs to ensure proper control implementation and sustainment
+ Prepare for and support C3PAO assessments, surveillance reviews, and re-certification activities
+ Track and report compliance status, risks, and metrics to leadership
+ Assist in updating SSPs, network diagrams, data flow diagrams, and supporting documentation

**What We Look For in a Candidate**

**Required Qualifications:**

+ CMMC Registered Practitioner Advanced (RPA)
+ CMMC Certified Professional (CCP) certification within the first six months
+ Demonstrated experience supporting a successful CMMC Level 2 C3PAO assessment
+ Experience with continuous monitoring, audit preparation, and compliance documentation
+ Strong working knowledge of NIST SP 800-171 controls and assessment objectives
+ Working knowledge of FAR, DFARS, and CMMC-related cybersecurity and contracting requirements for Defense Industrial Base contractors
+ Familiarity with evolving CMMC requirements
+ Experience integrating GRC platforms into continuous monitoring workflows and reporting
+ Familiarity with POA&M management and remediation processes
+ Ability to work in a structured, compliance-driven environment with strong attention to detail

**Preferred Qualifications:**

+ CMMC Certified Assessor (CCA) certification
+ Experience supporting FedRAMP Moderate or High ATO environments
+ Hands-on experience using GRC tools such as ServiceNow IRM, Diligent, Archer, or similar platforms
+ Understanding of cloud environments (Azure Gov, AWS GovCloud) in regulated enclaves

**Compensation**

This information reflects the anticipated base salary range for this position based on current national data.