GRC and CMMC Assessment Lead - Senior Manager

External
Cfgi · US
Full-time · Hybrid · posted 1 month ago (30+ days old, may be filled)
Tags: Compliance, GDPR, HIPAA, Leadership, PCI DSS, Risk Management
Responsibilities

Client Advisory & Delivery:
  • Lead end-to-end CMMC assessment and GRC engagements, including scoping, gap analysis, SSP/POAM development, remediation planning, and executive reporting.
  • Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs).
  • Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
  • Conduct CMMC readiness assessments and mock assessments against NIST SP 800-171 practice domains; develop and implement security policies, standards, and procedures aligned to applicable frameworks (CMMC, NIST CSF, ISO 27001/27002, CIS, SOC 2, FedRAMP).
  • Support regulatory readiness and compliance initiatives (e.g., SEC cyber disclosure support, NYDFS 500, GDPR/UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, SOX ITGC, CMMC, FedRAMP alignment where applicable).
  • Advise defense industrial base (DIB) clients on Controlled Unclassified Information (CUI) scoping, CUI registry management, and system boundary definition to support CMMC Level 2 and Level 3 compliance.
  • Perform vendor/third-party risk assessments and implement scalable TPRM operating models, including supply chain risk assessments in the context of DFARS and CMMC flow-down requirements.
  • Support clients in developing and maintaining SPRS scores, POA&Ms, and System Security Plans (SSPs) to demonstrate assessment readiness.
  • Coordinate cross-functional stakeholders (Legal, IT, Security, Compliance, Product, HR) to drive outcomes and adoption.

Executive Communication & Stakeholder Management:
  • Translate complex technical, regulatory, and privacy requirements into business-oriented recommendations.
  • Deliver executive-ready artifacts: board/audit committee materials, roadmaps, operating models, heatmaps, and risk dashboards.
  • Serve as a trusted advisor to senior leadership; confidently present findings and influence decisions.

Practice Development & Leadership:
  • Contribute to go-to-market development: offerings, templates, accelerators, methodologies, and points of view.
  • Support business development through proposal writing, SOW development, client presentations, and solution shaping.
  • Mentor and develop consultants and managers; lead teams across multiple engagements while maintaining quality and delivery rigor.
  • Partner with other CFGI service lines (Accounting Advisory, CFO Advisory, Technology Enablement) to deliver integrated solutions.

Required Qualifications:
  • Eight plus years of relevant experience in cybersecurity GRC, CMMC assessment, risk management, compliance, or consulting (level will map to experience); hands-on CMMC assessment or readiness support experience strongly preferred.
  • Bachelor's degree in a related field is required.
  • Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: CMMC Level 2 & Level 3, NIST SP 800-171 / 800-172 (required); NIST CSF / NIST 800-53, ISO 27001/27002, SOC 2, CIS, FedRAMP Controls (supporting experience valued).
  • Exceptional written and verbal communication skills with a track record of producing executive-level deliverables.
  • Proven ability to lead teams, manage timelines/budgets, and deliver in a client-facing environment.

Preferred Qualifications (Nice-to-Have):
  • Certifications: Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), CISM, CISS

Additional Information

CFGI is seeking a Cybersecurity GRC & CMMC Assessment Subject Matter Expert to lead and deliver strategic advisory engagements that strengthen clients' security governance, risk management, and compliance posture, with a primary focus on CMMC Level 2 and Level 3 assessment preparation, gap analysis, and remediation support. This role blends hands-on delivery, executive communication, and practice leadership. You will work directly with CISOs, CIOs, CFOs, Program Security Officers, Facility Security Officers, Risk Leaders, and PE deal teams to design pragmatic CMMC compliance programs, build operating models, and drive measurable outcomes. The ideal candidate brings deep expertise in CMMC assessment methodology (NIST SP 800-171/800-172, DFARS 252.204-7012/7021), GRC frameworks, and regulatory compliance, with strong consulting instincts and a proven ability to lead teams and manage multiple client workstreams.