CMMC / NIST Consultant / Analyst at Hotman Group

Hotman Group is seeking a CMMC / NIST Consultant / Analyst to support client projects involving CMMC, SSP development, NIST SP 800-171, NIST SP 800-53, FedRAMP, evidence collection, control documentation, and remediation tracking.

This is a contract role that may be structured as part-time or full-time based on project needs and candidate availability. We are looking for a mid-level practitioner who can contribute to active client delivery work, produce strong documentation, and help move projects forward in a remote consulting environment.

What You’ll Do

• Support client engagements related to CMMC readiness, implementation, and documentation
• Develop, update, and maintain System Security Plans (SSPs)
• Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
• Gather, organize, and review evidence supporting control implementation
• Draft and refine control narratives, policies, procedures, and related compliance documentation
• Identify gaps and support development of POA&Ms and remediation tracking
• Work with client stakeholders to collect information, validate details, and keep deliverables moving
• Contribute to readiness efforts tied to assessments, documentation, and ongoing compliance activities

What we're looking for

• 3-5 years of relevant experience in GRC, cybersecurity compliance, or related consulting work
• Hands-on experience with CMMC-related work (Required)
• Experience working with SSPs, policies, procedures, evidence collection, and remediation documentation (Required)
• Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP
• Strong writing and documentation skills
• Ability to work independently in a remote environment
• Strong organization, follow-through, and professionalism in client-facing work
• Comfort stepping into active projects and supporting delivery work with minimal hand-holding

Nice to Have

• Experience supporting CMMC Level 2 efforts
• Experience with CUI scoping, enclaves, or boundary discussions
• Familiarity with POA&Ms, assessment readiness, and control crosswalks
• Certifications such as CCP, CCA, CISSP, CISM, or CISA

Requirements

• Authorized to work in the U.S.
• Able to pass a background check
• Reliable high-speed internet and a secure remote work setup

About Hotman Group

Hotman Group is a remote boutique cybersecurity and GRC firm supporting clients across a range of industries and compliance needs. We value strong writing, quality work, collaboration, sound judgment, and practical execution.

This role is a strong fit for someone who wants to contribute to meaningful CMMC project work in a contract capacity, whether that means part-time project support or full-time contract availability.