International CMMC Certified Professional

COMPANY PROFILE  
Insight Assurance is a security and compliance firm trusted by over 1200 organizations for their SOC 2, PCI DSS, ISO 27001, and HIPAA audit needs. Insight Assurance is a licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body founded by former Big-4 professionals (Former EY) looking to simplify the world of IT compliance.  

JOB PURPOSE  
We are seeking a highly skilled compliance auditor who has secured their CMMC Certified Professional (CCP) certification or would be able to secure their CCP within six months, to join our secure team which assesses client’s ability to safeguard government data. The ideal candidate will have demonstrated experience leading compliance initiatives in regulated environments, ensuring adherence to complex regulatory frameworks, and knowledge of CMMC and NIST. Due to the legal requirement of this role, applicants must hold full or dual citizenship in the U.S., Australia, a NATO member country*(listed below), or South Korea, and be able to produce a valid passport. Strong analytical, communication, and collaboration skills are essential to successfully work within our cross-functional teams and with external clients. This is a unique opportunity to make a meaningful impact on data security while working in a dynamic, fast-paced, high-stakes environment.  
  
DUTIES AND RESPONSIBILITIES  
 

• Assessment Planning: Develop a comprehensive assessment plan outlining the scope, objectives, and methodology for evaluating the organization's cybersecurity practices and controls.
• Evaluate Compliance: Assess the organization's adherence to the CMMC framework by reviewing policies, procedures, and technical security controls to ensure they meet the required maturity level.
• Data Collection: Gather and analyze relevant documentation, including system configurations, security policies, incident response plans, and training materials.
• Conduct Interviews: Engage with key personnel within the organization to understand the implementation of cybersecurity practices and gauge their familiarity with security protocols.
• Risk Assessment: Identify potential risks and vulnerabilities in the organization’s cybersecurity posture, determining their potential impact on safeguarding governmental data.
• Reporting Findings: Create detailed reports that document assessment findings, highlighting areas of compliance and non-compliance, along with recommendations for improvement.
• Provide Guidance: Offer expert advice and best practices to help organizations enhance their cybersecurity measures and achieve compliance with CMMC requirements.
• Follow-Up Assessments: Conduct follow-up assessments to verify that corrective actions have been implemented, and that the organization is on track to achieve or maintain compliance.
• Continuous Learning: Stay updated on changes in the CMMC framework, cybersecurity threats, and mitigation strategies to provide the most relevant and effective assessments.
• Client Interaction: Maintain clear communication with clients throughout the assessment process to ensure understanding and facilitate collaboration.

SPECIFIC DUTIES

• Assist the Lead assessor in gathering and evaluating assessment evidence.
• Evaluates the design and effectiveness of controls. 
• Identifies and communicates preliminary assessment findings for daily checkpoint meetings.  
• Foster stakeholder relationships through proactive communication with clients, colleagues and partners.
• Proactively communicate with management regarding any potential issues.

QUALIFICATIONS  

SKILLS 

• Excellent oral and written communication skills.  
• Ability to work individually as well as collaboratively.  
• A high degree of motivation.  
• Fluency in English is required.   

EDUCATION  Bachelor’s degree in accounting, business, cyber security, or management information systems.  

EXPERIENCE  
At least 1-3 years of experience performing IT audit engagements at a Big 4 or other audit/consulting firm. Experience using GRC and compliance automation tools (Vanta, Drata, SecureFrame) is a plus. 

 
TRAINING AND CERTIFICATIONS   

Candidates possessing an active CMMC certification or working towards a CMMC certification such as RP, RPA or CCP.   

A candidate on a path to secure a CMMC certification within six months, must possess an approved Intermediate Certification such as: 

• (ISC)2 CGRC/CAP 
• CompTIA CASP+ 
• CompTIA Cloud+ 
• CompTIA PenTest+ 
• CompTIA Security+ 
• GIAC GSEC 
   

BENEFITS  
 

• Flexible Paid Time Off and paid Holidays  
• Quarterly Performance Bonuses 
• 100% Remote 
• Competitive salary and benefits package. 
• Opportunities for professional growth and development. 
• Collaborative and innovative work environment. 
    

Insight Assurance is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. 

*NATO Country Listing:  

• Australia  
• Barbados  
• Belgium  
• British Virgin Islands  
• Canada  
• Croatia  
• Czech Republic  
• Denmark  
• Estonia  
• Finland  
• France  
• Germany  
• Greece  
• Hungary  
• Iceland  
• Italy  
• Latvia  
• Lithuania  
• Luxembourg  
• Montenegro  
• Netherlands  
• Norway  
• Poland  
• Portugal  
• Romania  
• Slovakia  
• Slovenia  
• South Korea  
• Spain  
• Sweden  
• Turkey  
• US Virgin Islands  
• United Kingdom  
• United States  

Privacy Notice CCPA: 

Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.

Insight Assurance does not sell personal data/information under any circumstances.

You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

• Identification
• Contact
• Education and Professional
• Interview performance
• Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

• Right of Access – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
• Right of Erasure – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
• Right of Opposition or Restriction of Processing – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
• Rectification – you can rectify your Personal Data at anytime