Key Facts

Remote From:

Full time

Senior (5-10 years)

English

Hard Skills

NIST 800 Microsoft Azure Evidence Analysis Microsoft Enterprise Project Management Standard Operating Procedure Common Assessment Framework Assessment And Authorization Compliance Management Remediation Systems Demonstration Skills +12 more

Other Skills

•
Calmness Under Pressure
•
Professionalism
•
Communication
•
Leadership
•
Time Management
•
Organizational Skills
•
Analytical Thinking
•
Detail Oriented
•
Team Building
•
Self-Motivation
•
Problem Solving

Roles & Responsibilities

U.S. Citizenship is required
6+ years of cybersecurity experience with emphasis on NIST SP 800-53 and/or NIST SP 800-171
Detailed understanding of Microsoft Azure, Defender, Sentinel, and Microsoft 365 GCC/GCC High security technologies
Experience supporting compliance assessments, audits, or certification activities, including interaction with external assessors/auditors

Requirements:

Plan and coordinate customer CMMC assessments, maintain master assessment schedule, coordinate timelines with customers, C3PAOs, and internal teams, conduct readiness reviews, track milestones, and manage communications
Prepare assessor-ready evidence packages and maintain evidentiary artifacts, update implementation statements, review documents for alignment with NIST SP 800-171 and CMMC requirements
Support customer assessments by attending assessments, defending implementations and evidence, coordinating interviews and demonstrations, and handling assessor requests and remediation actions
Maintain SecureITSM’s security and compliance programs by conducting internal self-assessments, updating policies/SOPs, maintaining evidence libraries, and tracking changes to CMMC/NIST guidance

Paragone Solutions, Inc.

About Paragone Solutions, Inc.

Paragone was founded in 2008 and is an Economically Disadvantaged Woman Owned Small Business (EDWOSB) concentrating on supporting the Federal Government. We focus on CIO support, RMF/Cyber support, e-learning/training, Communications, Industrial Hygiene/Occupational Safety and Health, and studies/analysis. Paragone’s vision: To be a trusted adviser to all of our clients supporting their objectives as if they are our own. Excellence We are committed to demanding more of ourselves than our clients do. Quality We are a process-oriented company with a quality culture focused on continuously improving all aspects of our operations. Integrity: We adhere to the highest moral and ethical principals at all times. Respect: We respect everyone’s rights and dignity at all times. Paragone derives its name from the Italian Renaissance in which one form of art (architecture, sculpture or painting) is championed as superior to all others. In our case, we strive to be the benchmark in all that we do by all that we support.

Founded: 2018

Company size: 11 - 50

Website LinkedIn See all jobs →

Job description

About SecureITSM
SecureITSM is a Certified CMMC Managed Service Provider (MSP) supporting Department of Defense (DoD) contractors that must obtain and maintain Cybersecurity Maturity Model Certification (CMMC). SecureITSM is a CMMC Certified Organization (CMMC UID #L200002160) and has developed a proprietary CMMC documentation and compliance platform designed to streamline assessment preparation, evidence management, and ongoing compliance operations.

We are seeking a highly organized and technically skilled CMMC Assessment Lead to oversee the planning, preparation, coordination, and support of customer CMMC assessments conducted by authorized C3PAOs. This role is critical to ensuring our customers successfully achieve and maintain compliance with NIST SP 800-171 Rev. 2 and future Rev. 3 requirements.
The ideal candidate combines deep cybersecurity and compliance expertise with exceptional project management, customer communication, and assessment defense capabilities.

Location and Travel: This is a remote position with occasional travel required to support customer assessments.

Position Summary
The CMMC Assessment Manager will oversee customer assessment readiness activities from initial scheduling through final assessment support and remediation coordination. The role requires direct interaction with customers, assessors, internal engineering teams, and executive leadership.

This individual will manage multiple concurrent customer engagements while ensuring assessment artifacts, implementation statements, policies, procedures, and evidentiary documentation are accurate, complete, and defensible.

Key Responsibilities
Plan and Coordinate Assessments (Primary)

Maintain the master CMMC customer assessment schedule
Coordinate assessment timelines with customers, C3PAOs, and internal SecureITSM teams
Conduct readiness reviews and pre-assessment planning meetings
Track customer assessment milestones, dependencies, and remediation activities
Manage customer communications related to assessment preparation and scheduling
Coordinate Rules of Engagement (ROE), assessment logistics, and secure evidence transfer processes
Monitor assessment status and provide executive-level reporting on customer readiness
Assist customers in understanding assessment scope, boundary definitions, and enclave considerations

Prepare Assessment Packages (Primary)

Update implementation statements as needed
Gather and organize evidentiary artifacts
Coordinate customer evidence collection activities
Review SSPs, policies, procedures, and supporting documentation for assessment readiness
Validate evidence traceability to NIST SP 800-171 requirements and assessment objectives
Prepare assessor-ready evidence packages and artifact repositories
Conduct internal quality assurance reviews of documentation and evidence
Identify documentation gaps and coordinate remediation activities
Support development and maintenance of Plans of Action & Milestones (POA&Ms)
Ensure documentation aligns with evolving CMMC and NIST guidance

Support Customer Assessments (Primary)

Attend and actively support customer assessments
Actively defend implementations and evidence presented to assessors
Coordinate assessment interviews and technical demonstrations
Support mock assessments and readiness exercises for customers
Assist customers in responding to assessor requests and follow-up questions
Document assessment observations, findings, and remediation actions
Coordinate post-assessment remediation activities and evidence resubmissions when required
Serve as a trusted advisor throughout the certification lifecycle

Maintain SecureITSM’s Authorization and Compliance (Secondary)

Conduct SecureITSM’s annual self-assessment activities
Maintain internal compliance documentation and evidentiary artifacts
Coordinate annual evidence collection activities (e.g., training certificates, access reviews, vulnerability scans)
Assist with internal policy and procedure updates
Support ongoing continuous monitoring and compliance validation activities
Track changes to CMMC, NIST SP 800-171, and related DoD guidance affecting internal compliance posture

Implementation Statement Management (Secondary)

Maintain and update SecureITSM master implementation statement libraries aligned to NIST SP 800-171 and evolving CMMC guidance
Develop and maintain industry-specific implementation statement sets (e.g., manufacturing, engineering, professional services, telework-only environments)
Standardize implementation language and evidence expectations across customer environments
Coordinate updates to implementation statements based on assessment findings, regulatory changes, and best practices
Validate implementation statements for technical accuracy, completeness, and assessor defensibility
Support continuous improvement of SecureITSM’s proprietary documentation platform and implementation content library

Maintain and Improve Standard Operating Procedures (Secondary)

Develop and maintain assessment preparation Standard Operating Procedures (SOPs)
Continuously improve evidence collection and assessment support workflows
Create standardized templates, checklists, and assessment playbooks
Document lessons learned and incorporate process improvements
Maintain internal knowledge base articles and operational documentation
Assist in refining SecureITSM’s proprietary CMMC documentation platform workflows and processes

Required Qualifications

U.S. Citizenship required
Detailed understanding of Microsoft Azure, Microsoft Defender, Microsoft Sentinel, Microsoft 365 GCC/GCC High, and related Microsoft security technologies
6+ years of cybersecurity experience with strong focus on NIST SP 800-53 and/or NIST SP 800-171
Experience supporting compliance assessments, audits, or certification activities
Strong understanding of CMMC assessment methodology and evidence requirements
Excellent technical writing and communication skills
Strong project management and organizational abilities
Exceptional attention to detail
Ability to manage multiple customer engagements simultaneously
Experience working directly with external assessors, auditors, or regulatory bodies
Familiarity with secure project management and compliance collaboration platforms

Preferred Qualifications

PMP certification preferred
CMMC Certified Professional (CCP) or Certified Assessor (CCA) preferred
CISSP, CISM, or equivalent cybersecurity certification preferred
Experience supporting DoD contractors or working within the Defense Industrial Base (DIB)
Familiarity with FedRAMP and DFARS 252.204-7012
Experience with SIEM, vulnerability management, and endpoint protection technologies

Key Attributes

Strong leadership and customer engagement skills
Ability to remain composed and professional during high-pressure assessment activities
Analytical thinker with strong problem-solving capabilities
Self-motivated with ability to work independently
Collaborative team player with strong interpersonal skills
High level of integrity and professionalism

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, status as a protected veteran or any other basis prohibited by law.

#ZR

Ready to apply?

APPLY

Share ·