Lead Consultant, CMMC Cybersecurity Assessor

Forvis

Office

FL

Full Time

General information

  • Name: Lead Consultant, CMMC Cybersecurity Assessor
  • Posting Title: Lead Consultant, CMMC Cybersecurity Assessor
  • Ref #: 2235585
  • Date Published: Wednesday, August 13, 2025
  • City: Charlotte
  • State: North Carolina
  • Country: United States
  • Job Category: Risk Advisory
  • Office: IT Risk & Compliance (Forvis)
  • Advertised Location: US-FL-Tampa Bay, US-GA-Atlanta, US-NC-Charlotte, US-TX-Dallas, US-VA-Tysons
  • Working time: Full Time

Description & Requirements

Ready to Accelerate Your Career? Join our rapidly expanding advisory team!
Our IT Risk & Compliance Advisory practice combines industry expertise and innovative solutions to help global companies exceed their strategic objectives. With a global footprint, our portfolio of Fortune 1000 services clients spans industries including banking and finance, insurance, healthcare, and manufacturing, from large to middle markets.
Your New Career Challenge
Daily, you will have the opportunity to learn and work alongside a broad mix of highly talented subject matter leaders and team members both at Forvis Mazars and at our clients. You will have an environment to explore and experience emerging and relevant topics based on your interests and alignment to your short and long-term career goals.
This role will be primarily focused on supporting CMMC consulting and assessment projects with U.S. Department of Defense contractor clients of all sizes, complexities, and industries, including international and Fortune 1000 companies. The right individual will help lead projects as an experienced subject matter resource with previous experience with various US federal compliance frameworks, including CMMC / NIST 800-171, FISMA, FedRAMP, and NIST CSF.
What you will do:
  • Help execute information security risk and compliance assessments against federal and other government required cyber frameworks, including the Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, NIST 800-53, FedRAMP/StateRAMP, and the NIST Cybersecurity Framework, among others. 
  • Assess IT environments, identify gaps and vulnerabilities that impair compliance with required standards, and assist with documenting clear reporting with proof-of-concept and recommendations.
  • Lead and conduct assessments based upon NIST 800-171, designed to comply with CMMC Level 2 certification assessments. 
  • Participate on consulting teams with large enterprise clients in multiple industries to: 
    • Assist organizations with defining boundaries of in-scope systems.  
    • Assist clients with documentation development, including system security plans (SSP), policies/procedures, strategy development, and plans of action and milestones (POAMs).
    • Define and integrate solutions, including tools, processes, and data flows to maintain required compliance obligations and reduce cyber risk. 
  • Effectively manage multiple projects concurrently, helping define and drive project management to keep projects on schedule and within budget. 
  • Help identify and define new strategic service offerings in the federal cyber compliance industry, build out solutions and roadmaps, and help train more junior team members in federal cyber compliance frameworks and client projects.

Minimum Qualifications: 
  • Experience providing consulting, assessment, or implementation services associated with federal cyber compliance frameworks, including NIST 800-171, FISMA, or FedRAMP. 
  • Working knowledge of cyber risk management frameworks (CMMC / NIST 800-171, FISMA, FedRAMP, NIST Cybersecurity Framework, NIST SP 800-53) 
  • General knowledge of common compliance frameworks (PCI DSS, ISO 27001, HIPAA/HITRUST) 
  • At least 4 years of experience in cybersecurity, IT audit, or governance, risk, and compliance required, including 1 - 2 of the following frameworks:
    • NIST Cybersecurity Framework (CSF) 
    • Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800-171
    • Payment Card Industry Data Security Standard (PCI DSS) 
    • ISO 27001 / 27002 
    • FedRAMP / StateRAMP 
    • FISMA and NIST SP 800-53 
    • CIS Critical Security Controls 
  • Must have a CMMC Certified Assessor (CCA) credential.

Preferred Qualifications
  • Bachelor's Degree in Cybersecurity, MIS, Computer Science, or a similar discipline 
  • Cybersecurity and/or privacy related certifications (e.g., CISSP, CISA, CISM, QSA, CIPP, etc.) 
  • Previous professional services or consulting experience

August 19, 2025