Job Description
Company: Eccalon, LLC
Location: US
***This is a hybrid position with a minimum of three days per week on site in Hanover, MD***
The Cybersecurity Advisor (CA) specializing in Cybersecurity Maturity Model Certification (CMMC) has an expert-level understanding of the IT and cybersecurity landscapes, with in-depth knowledge of the CMMC framework, including its requirements, processes, and implementation strategies. The Cybersecurity Advisor will lead a client organization's efforts to achieve and maintain CMMC compliance with current and future standards. The Cybersecurity Advisor will serve as a trusted cybersecurity resource to both technical and non-technical stakeholders and can advise on wide-ranging cybersecurity topics, including cyber threats, technologies, and best practices, enhancing the organization's overall cybersecurity posture.
Qualified candidates should have a strong technical background (e.g., systems, networks, cloud) in addition to experience with vulnerability analysis, incident reporting, security standards, policy, and training content delivery.
The Cybersecurity Advisor may also conduct classroom and/or webinar instruction in the theory and execution of cybersecurity best practices for small and medium-sized business operators. The Advisor will work as part of a team to develop and refine cyber courseware.
Key Responsibilities
• Provide expert advice on a wide range of cybersecurity issues, including risk analysis, incident management, compliance, and security architecture.
• Develop and implement cybersecurity strategies tailored to the specific needs and risk profile of the organization.
• Lead client organization’s CMMC certification process, from initial assessment to final certification and continuous monitoring.
• Develop and implement a CMMC compliance roadmap, including timelines, resource allocation, and key milestones.
• Lead compliance and security assessments against various cybersecurity frameworks and standards, including CMMC, ISO 27001, NIST SP 800-171, NIST CSF, ISO 9001, and FedRAMP.
• Act as the primary point of contact for all cyber compliance-related matters, liaising with senior management, external auditors, and other relevant parties.
Framework Implementation
• Interpret and apply appropriate cyber-related framework requirements to the organization’s systems, processes, and policies as applicable.
• Collaborate with IT, security, and operational teams to implement necessary controls and measures to achieve the required compliance with frameworks and policies, including CMMC.
Gap Analysis and Remediation
• Conduct comprehensive gap analyses to identify deficiencies in current security practices relative to applicable cybersecurity requirements.
• Develop and manage Plans of Action and Milestones (POA&Ms) to address identified gaps, ensuring timely and effective implementation of corrective actions.
Policy and Procedure Development
• Create and maintain the policies, procedures, and documentation required for security compliance, including System Security Plans (SSPs).
• Ensure all relevant stakeholders are informed of and adhere to these policies and procedures.
Training and Awareness
• Work with Instructional System Design teams to create and deliver cybersecurity and awareness training to educate clients and employees on cybersecurity requirements, security policies, and best practices.
• Conduct tabletop exercises to ensure the organization is ready to respond in the event of a security breach.
• Promote a culture of security awareness throughout the organization, emphasizing the importance of compliance.
Audits and Assessments
• Plan and conduct audits to evaluate the effectiveness of security controls and compliance.
• Prepare for and support external assessments conducted by CMMC Third-Party Assessment Organizations (C3PAOs).
Continuous Monitoring and Improvement
• Implement continuous monitoring processes to ensure ongoing compliance with CMMC and other relevant security standards.
• Regularly review and update security measures, policies, and procedures to reflect changes in the relevant cybersecurity framework or organizational needs.
Stakeholder Engagement
• Act as the primary point of contact for all cyber-related matters, liaising with senior management, external auditors, and other relevant parties.
• Provide expert guidance and support to internal teams on CMMC and other cyber-related issues and initiatives.
Risk Management
• Identify, assess, and mitigate risks associated with non-compliance with security standards.
• Develop risk management strategies that align with the organization's security objectives and compliance obligations.
Reporting and Documentation
• Maintain comprehensive records of compliance-related activities, including assessment reports, audit findings, and remediation efforts.
• Prepare and present regular status reports to senior management, highlighting progress, challenges, and next steps.
Required Qualifications
• Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Relevant certifications such as CISSP, CISM, a Cyber AB (formerly CMMC-AB) CMMC assessor credential, or equivalent.
• Extensive experience in cybersecurity, with a focus on compliance and regulatory standards.
• In-depth knowledge of the CMMC framework and its application in various organizational contexts.
• Strong project management skills, including the ability to manage multiple projects and deadlines.
• Excellent communication and interpersonal skills, with the ability to work effectively with technical and non-technical stakeholders.
• Proficiency in developing and implementing security policies and procedures.
• Analytical mindset with strong problem-solving abilities.
Preferred Qualifications
• A master’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
• Familiarity with other regulatory frameworks and standards, such as NIST SP 800-171, ISO 27001, and DFARS.
• Experience working with government contractors and understanding of the federal contracting process.
• Strong technical background, with experience in implementing security controls and technologies.
• Ability to adapt to changing regulatory landscapes and organizational needs.
Source: JobLeads