Provide independent quality assurance review of CMMC Level 2 certification assessments, maintain the quality management system, verify adherence to assessment procedures, and identify nonconformities while ensuring impartiality in the quality function.

Certified CMMC Assessor (CCA) (0001) Location: McLean, Virginia, United States Hybrid Contract Description Certified CMMC Assessor (CCA) OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology. Responsibilities and Duties OCT currently has an opening for a Certified CMMC Assessor (CCA) to support the build-out of OCT’s CMMC Certified Third-Party Assessment Organization (C3PAO) practice. This position conducts CMMC Level 2 certification assessment activities as a member of the assessment team under the direction of the Lead Certified CMMC Assessor. Day-to-day responsibilities include: - Conduct CMMC Level 2 certification assessment activities as a member of the assessment team under the direction of the Lead Assessor (LCCA). - Examine documentation and artifacts, interview personnel, and test security controls across the 110 NIST SP 800-171 Rev 2 requirements using NIST SP 800-171A methods. - Document findings and recommend MET / NOT MET / NOT APPLICABLE determinations for assigned requirements, with supporting evidence. - Support development of the assessment plan, scope validation, and pre-assessment readiness reviews. - Contribute to the assessment report and support POA&M closeout activities within the required timeframe. - Maintain assessment evidence and working papers in accordance with C3PAO procedures and ISO/IEC 17020:2012. - Adhere to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements at all times. Requirements - Must be a U.S. Citizen. U.S. citizenship is mandatory for this role because all personnel participating in the CMMC Level 2 certification assessment process must complete a Tier 3 background investigation resulting in a determination of national security eligibility. - Active Certified CMMC Assessor (CCA) certification in good standing. - Must be able to obtain and maintain a favorable Tier 3 background investigation resulting in a national security eligibility determination (this is not a security clearance and is not for the purpose of government employment). The investigation will involve a credit, fingerprint, and law enforcement agency check. - Bachelor’s degree in cybersecurity, information technology, information systems, or a related field, or equivalent professional experience. - Typically 4+ years of cybersecurity or information assurance experience, including exposure to NIST SP 800-171 / CMMC. - Working knowledge of NIST SP 800-171 Rev 2, NIST SP 800-171A, 32 CFR Part 170, and DFARS 252.204-7012. - Additional certifications such as CompTIA Security+, CISSP, CISA, or CCP preferred. - Strong documentation, analytical, and communication skills. - Location / on-site: Remote-eligible with availability to travel to client sites for on-site assessment activities as required. Salary Range: $35- $50 hourly, commensurate with experience, education, etc. This role may be available as either a part-time or full-time opportunity. Benefits About OCT Consulting OCT Consulting LLC is a Small Business (SB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the agility of operations and a management team with a track record of leading successful engagements at major Federal government agencies. At OCT we believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.

• Partner with key customers to understand and help achieve their business, objectives, cybersecurity initiatives, and desired outcomes • Establish strategies and roadmaps to drive cyber workforce resilience through a programmatic approach • Engage C-level executives, technical cyber security professionals, and major lines of business through delivering routine Executive Business Reviews • Leverage your cybersecurity knowledge to recommend appropriate improvements to current programs and suggest new programs. • Drive adoption to maximize the value of the Immersive Labs Platform • Immerse into cyber security community to remain informed of evolving threats, trends, and new technologies • Collaborate with product, content, and engineering teams to serve as the voice of the customer and influence product innovation • Support customers in operationalizing and incorporating Immersive Labs into their cybersecurity programs sustainably, leveraging platform metrics, custom reports and insights to bring attention to the value created along the journey. • Function as an escalation point and primary liaison between sales, product leadership and client accounts, including being the first sales team resource in answering questions related to service delivery within your accounts. • With the Customer Success Manager (CSM), assist in delivering Executive Business Reviews (EBRs) to customers, providing executive-level reports and insights that help drive long-term account health and expansion opportunities.

• Set the vision and operating model for Corporate Security across engineering, identity, endpoint and device security, and end-user services, aligning security outcomes with productivity and service quality. • Lead a globally distributed, multi-disciplinary organization through clear roadmaps, strong managers, measurable priorities, and high operational standards. • Own GitLab’s internal identity and access strategy across Okta, lifecycle automation, RBAC and ABAC, administrative access controls, cloud access governance, and the ongoing evolution of Identity v3. • Drive secure-by-default endpoint and device strategy across GitLab’s fleet, with particular strength in macOS, endpoint hardening, configuration management, telemetry, detection partnerships, and engineering-led change control. • Oversee end-user services and internal IT support for the company, including access management, hardware support, and support for core applications such as Google Workspace, Slack, and Zoom, while improving helpdesk effectiveness and service experience. • Build scalable onboarding, offboarding, and role-change processes that reduce risk, improve auditability, and remove friction for team members and business stakeholders. • Partner cross-functionally with Security, IT, Engineering, People, Compliance, Finance, and Legal to translate business and regulatory requirements into pragmatic controls, policies, and workflows. • Own vendor, tooling, and budget strategy for the Corporate Security estate, using metrics to improve resilience, team member experience, and risk reduction over time.