Technical Cyber Advisor

*** This is a hybrid position with a minimum of three days per week on site in Hanover, MD***

The Cybersecurity Advisor (CA) specializing in Cybersecurity Maturity Model Certification (CMMC) brings expert-level knowledge of IT and cybersecurity landscapes, and in-depth understanding of the CMMC framework. The Advisor will lead client organizations in achieving and maintaining CMMC compliance, serve as a trusted cybersecurity resource to technical and non‑technical stakeholders, and advise on cyber threats, technologies, and best practices to enhance overall security posture.

• Provide expert advice on risk analysis, incident management, compliance, and security architecture.
• Develop and implement cybersecurity strategies tailored to the organization’s needs and risk profile.
• Lead client organizations’ CMMC certification process, from initial assessment to final certification and continuous monitoring.
• Develop and implement a CMMC compliance roadmap, including timelines, resource allocation, and key milestones.
• Lead compliance and security assessments with various frameworks such as CMMC, ISO 27001, NIST 800‑171, NIST CSF, ISO 9001, and FedRAMP.
• Act as the primary point of contact for all cyber compliance matters, liaising with senior management, external auditors, and other stakeholders.

• Interpret and apply appropriate framework requirements to organization systems, processes, and policies.
• Collaborate with IT, security, and operational teams to implement necessary controls and measures for compliance.

• Conduct comprehensive gap analyses to identify deficiencies relative to applicable requirements.
• Develop and manage Plans of Action and Milestones (POA&Ms) to address gaps with timely corrective actions.

• Create and maintain policies, procedures, and documentation required for compliance, including System Security Plans (SSPs).
• Ensure stakeholders are informed of and adhere to these policies.

• Work with Instructional System Design teams to develop and deliver cybersecurity and awareness training.
• Conduct tabletop exercises to prepare for security breaches.
• Promote a culture of security awareness throughout the organization.

• Plan and conduct internal audits to evaluate control effectiveness and compliance.
• Prepare for and support external audits by certified third‑party assessors (e.g., C3
  
  PAOs).

• Implement continuous monitoring processes to ensure ongoing compliance.
• Regularly review and update security measures, policies, and procedures.

• Provide expert guidance and support to internal teams on CMMC and related initiatives.
• Identify, assess, and mitigate risks associated with non‑compliance.
• Develop risk management strategies aligned with security objectives.

• Maintain comprehensive records of compliance activities, audit findings, and remediation efforts.
• Prepare and present status reports to senior management, highlighting progress and next steps.

• Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Relevant certifications such as CISSP, CISM, CMMC‑AB Certified Assessor, or equivalent.
• Extensive experience in cybersecurity, focusing on compliance and regulatory standards.
• In‑depth knowledge of the CMMC framework.
• Strong project management and multitasking skills.
• Excellent communication and interpersonal skills.
• Proficiency in developing and implementing security policies and procedures.
• Analytical mindset with strong problem‑solving abilities.

• Master’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Familiarity with other regulatory frameworks such as NIST SP 800‑171, ISO 27001, and DFARS.
• Experience working with government contractors and understanding of the federal contracting process.
• Strong technical background implementing security controls and technologies.
• Ability to adapt to changing regulatory landscapes and organizational needs.