Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services. Our professional services focus on security and privacy audits, assessments, and certifications. Schellman has become one of the largest cybersecurity assessment firms in the United States without providing any traditional accounting services. We are an accredited multi-framework ISO Certification Body for security, privacy, business continuity, and quality; a globally licensed PCI Qualified Security Assessor and a top provider to clients serving the federal DoD space as a leading FedRAMP 3PAO and the first assessment firm authorized as a CMMC C3PAO. Our specialty and expertise remain in providing best in class Cybersecurity and IT Audits and Attestations. Our culture, approach with clients, and dedication to our values has led us to consistently be a Great Places to Work certified company and rated as a Best Firms to Work For by Accounting Today and a Glassdoor Best Places to Work. We deeply appreciate our employees, as shown by our first core value – People Come First. This is demonstrated in our culture, benefits, and how we handle business. Come see what makes Schellman special!
Senior associates are primarily responsible for hands-on project execution. Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associate’s career development. Additionally, senior associate’s daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team.
As a CMMC Senior Associate at Schellman, you will play a critical role in delivering high-quality cybersecurity assessments for clients seeking compliance and assessment primarily for CMMC and NIST SP 800-171/2. You will be responsible for executing gap assessments, compliance assessments, and formal certification assessments across a diverse range of environments, including defense contractors, manufacturers, professional services firms, technology providers, and managed service providers. You will also be cross-trained to support FedRAMP and other engagements based on NIST 800-53, contributing to Schellman’s broader Federal Practice.
CMMC Senior Associates perform a variety of responsibilities from start to finish during a project, including:
Interviewing client Subject Matter Experts for different fields of the organization, including technical areas as well as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance;
Analyzing technical documentation such as system security plans (SSPs), policies, procedures, and evidence artifacts;
Maintaining awareness of evolving DoD and CMMC program requirements, including updates to the CAP, scoping guides, and assessment guides to support Schellman methodology updates and client education.
Working in Schellman’s Federal Practice will lead to the natural honing of your technical skills in a variety of fields including cryptography, network structures, system security tools, and CI/CD. You’ll also improve your understanding of organizational controls such as security training programs, configuration management/ system development, and incident response processes. But more than that, a career at Schellman will also support outside opportunities for further education through additional training and the pursuit of industry-accepted certifications such as CISA, CISSP, and others.
CMMC assessors should expect to travel a minimum of 25% for onsite assessment activities.
Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures
Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards and CMMC requirements and guidance (e.g., CAP, 32 CFR Part 170), and suggesting ideas for improvements, where applicable
Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)
Knowledge, Skills, and Abilities:
Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applications
Education, Work Experience and Certifications
Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
Has completed at least one year of service at Schellman or relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting
Schellman is an equal opportunity employer (EOE) and strongly supports diversity in the workplace; therefore, providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. Schellman uses E-Verify in our hiring process.
At Schellman, we strive to provide a flexible and balanced environment and therefore offer the opportunity to work remotely, unless otherwise stated in the job requirements. Connecting, collaborating and continuous education are also highly valued and therefore we require some travel annually for our Internal Service Delivery roles, which can include in-person training, team meet-ups, and strategy meetings. Service Delivery team members will also be required to travel based on business and client needs.