Description:
Why choose FRSecure? We believe information security is fun. We focus on equipping our clients, communities, and employees with knowledge to better protect themselves against risk. Our first core value, we tell the truth, sets a foundation for meaningful relationships and employee growth, ultimately providing the highest quality work in the industry. FRSecure is consistently awarded for outstanding service, industry-leading methodology, organizational growth, and a reputable culture.
FRSecure is comprised of experts on a mission to fix the broken information security industry. We believe that behind every data compromise are people, and everyone deserves to have their data and livelihood protected. We take great pride in what we do and how we do it, and we truly believe we can accomplish our mission. It starts with hiring the right people to help us get there. If this resonates with you, apply now to join our dedicated team!
Benefits and Work Environment: FRSecure is committed to creating a workplace where people can do their best work while staying balanced, supported, and fulfilled. Our culture is rooted in our mission and values, and we believe that flexibility, trust, and wellbeing are essential to long-term success. Here is what you can expect:
-
Flexible Work Environment: We empower employees with flexible schedules and remote or hybrid work options.
-
Meaningful, Mission-Driven Work: Join a team that is passionate about making a real impact, with opportunities to contribute in a collaborative, values-driven environment.
-
Mental Health & Wellbeing Support: Access to an Employee Assistance Program (EAP) and a culture that actively promotes mental wellbeing, open communication, and sustainable work practices.
-
Growth & Development: Ongoing learning opportunities and support for professional development to help you grow in your career.
-
Comprehensive Benefits Package: Including medical, dental and vision insurance, health savings, flexible savings and dependent care savings account options, life and disability insurance, 401(k) with employer match up to 4%, and pet insurance.
-
Generous Time Off: Unlimited paid time off offered to rest and recharge, paid parental leave (6 weeks of 100% regular, straight time weekly pay for non-birthing parents, and 12 weeks of 100% regular, straight time weekly pay for birthing parents), 11 paid holidays, and volunteer time off.
Position Summary:
The CMMC Senior Consultant serves as a trusted advisor, subject matter expert, and leader in helping organizations strengthen their cybersecurity programs and achieve Cybersecurity Maturity Model Certification (CMMC) readiness. This role will help shape CMMC methodologies, mentor other consultants, influence service development, and help organizations navigate the evolving cybersecurity and regulatory landscape.
Working Location: This position is available on a full-time remote basis in the following states: Arizona, Colorado, Florida, Georgia, Idaho, Illinois, Kansas, Kentucky, Massachusetts, Michigan, Minnesota, Montana, North Carolina, Ohio, Pennsylvania, South Dakota, Tennessee, Texas, Washington, and Wisconsin. Only candidates located in the United States will be considered. Office headquarters and operational business hours are based in Edina, MN (Central Time).
Application Deadline: Open until filled
What Your Day Looks Like as a CMMC Senior Consultant:
CMMC Responsibilities
-
Performing duties such as team consultation, guidance, training, and support to the Consulting Services team
-
Being a subject matter expert on CMMC services, answer questions, and help create solutions or troubleshoot problems
-
Developing, documenting and maintaining CMMC methodologies
-
Leading multiple concurrent CMMC engagements simultaneously, coordinating internal consultants and subject matter experts, review assessment workpapers, ensure consistent assessment methodology, maintain project timelines, manage client expectations, and escalate project risks when appropriate
-
Lead CMMC readiness assessments using all applicable CMMC practices and assessment objectives, documenting identifies compliance gaps, control weaknesses, and implementation deficiencies
-
Produce detailed assessment reports with prioritized remediation recommendations, validate objective evidence, and make final determination on objective evidence sufficiency
-
Lead clients through defining the official CMMC assessment scope, including Identification of CUI assets, Identification of Security Protection Assets (SPA), Specialized Assets, Contractor Risk Managed Assets (CRMA), and Out-of-Scope Assets
-
Partner with client stakeholders to remediate deficiencies by developing remediation roadmaps, prioritizing findings by risk and certification impact, recommending technical solutions, assisting with policy development, Reviewing System Security Plans (SSP), Reviewing Plans of Action & Milestones (POA&M), validating corrective actions, performing remediation verification assessments and preparing clients for formal certification assessments
-
Collaborate with the marketing team to develop, document, and maintain CMMC sales and marketing materials
-
Develop and execute on training plan for employees on CMMC services
-
Participate in research and development and share insights with the team
-
Participate and lead regular group meetings to provide support and training to team members
-
Take individual accountability for client and project success and support team members to assure the same
Client Responsibilities
-
Work with clients at all levels of the organization, including C-suite, to identify and prioritize security gaps
-
Serve as primary technical advisor throughout client engagements, lead kickoff meetings and project workshops, present findings to executive leadership, translate technical issues into business risk, provide practical, risk-based recommendations, mentor client technical staff through remediation activities, and maintain positive client relationships throughout engagements
-
Develop roadmap security efforts and remediation plans
-
Coach clients in the development of information security policies, procedures, disaster recovery plans, incident response plans, and other projects as needed
-
Educate clients on sound information security concepts and principles and advise on the implementation of suitable information security controls
-
Provide insight to clients related to relevant regulatory and best-practice information security standards through gap assessments and readiness coaching
-
Conduct organization-wide security assessments for client organizations. Conduct client interviews, review policy and procedures, and observe controls within client facilities
-
Document assessment findings and present assessment results to client leadership
-
Maintain and develop own technical and security knowledge on a consistent basis
-
Takes individual accountability for client and project success
Working Hours: This is a full-time position worked Monday-Friday each week, with the expectation that the responsibilities can be completed in 40 hours each week. Primary business hours are Monday-Friday, 8:00am-5:00pm Central Time, however this position offers flexibility in setting the working schedule best fit for you, while most importantly maintaining the expectations of the position, completing projects within defined deadlines, and participating in company and team meetings.
Travel
This position involves limited travel, averaging approximately up to 4-6 times per year. Travel that may be needed typically involves client site visits, strategy meetings, and/or other company or team events and activities. Client trips are based on business and client needs.
Requirements:
What You Bring to CMMC Senior Consultant role:
-
5-10 years of experience in Information Security or a related field, consisting of work and educational experience, demonstrating expertise in communicating information security risk management practices
-
Previous experience operating as a vCISO, Security Consultant, or providing enterprise leadership related to Information Security
-
CCA certification required and Lead CCA preferred
-
Must be current with the CAICO
-
Have or able to obtain a Tier 3 determination from DoD or equivalent background check
-
CISSP certification required
-
A strong desire to develop and improve existing FRSecure services; strong verbal and written communication skills and actively work to support and build the knowledge of other team members.
-
A strong understanding of internal workflows and interdepartmental procedures to lead cross-functional initiatives
-
Self-motivated and proactively seeks out learning opportunities and asks questions
-
In depth understanding of information security foundations including asset management, data security, network management, physical security, and security governance
-
Expert knowledge in vCISO services and demonstrated expertise in their effective execution with clients
-
Ability to lead by example through initiative, clear communication, and collaboration
-
Proficient in delivering exceptional customer experiences through empathy, active listening, and clear communication
-
Able to communicate effectively across teams and stakeholders to drive alignment and results
-
Demonstrated excellence in planning, prioritization, and execution of complex tasks and projects
Salary: FRSecure believes in and operates with equitable hiring practices. The starting base salary range is $150,000 - $185,000, not including any bonus, incentive commission, or benefits. Add any applicable details, such as OTE. The range displayed on each job posting reflects the defined starting salary range for the position across the United States. Within the range, pay offered is determined by a variety of factors that include but are not limited to job-related skills, experience, and relevant education or training.
Commission eligible: No
FLSA Status: Exempt
Your Recruiter will be able to discuss further details related to commission, bonuses, or other specific salary information related to this position.
Former and Current Employees: To qualify for this position, former employees must be eligible for rehire, and current employees must be in good standing.
Employment and Application Statements
FRSecure, LLC is committed to the principles of equal employment. We comply with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment that is free of harassment, discrimination, or retaliation because of race, color, creed, religion, national origin, sex, sexual orientation (including transgender status, gender identity or expression), pregnancy (including childbirth, lactation, or related conditions), marital status, disability, public assistance, age, and familial status, genetic information, local commissions activity, veteran status, uniformed servicemember status, or any other status protected by federal, state, or local laws.
FRSecure is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.
FRSecure is committed to the full inclusion of all qualified individuals. As part of this commitment, FRSecure will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If a reasonable accommodation is needed to complete a job application, interview, or otherwise participate in the hiring process, please contact the Human Resources team at [email protected].