Certified CMMC Assessor (CCA) (0001) Location: McLean, Virginia, United States Hybrid Contract Description Certified CMMC Assessor (CCA) OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology. Responsibilities and Duties OCT currently has an opening for a Certified CMMC Assessor (CCA) to support the build-out of OCT’s CMMC Certified Third-Party Assessment Organization (C3PAO) practice. This position conducts CMMC Level 2 certification assessment activities as a member of the assessment team under the direction of the Lead Certified CMMC Assessor. Day-to-day responsibilities include: - Conduct CMMC Level 2 certification assessment activities as a member of the assessment team under the direction of the Lead Assessor (LCCA). - Examine documentation and artifacts, interview personnel, and test security controls across the 110 NIST SP 800-171 Rev 2 requirements using NIST SP 800-171A methods. - Document findings and recommend MET / NOT MET / NOT APPLICABLE determinations for assigned requirements, with supporting evidence. - Support development of the assessment plan, scope validation, and pre-assessment readiness reviews. - Contribute to the assessment report and support POA&M closeout activities within the required timeframe. - Maintain assessment evidence and working papers in accordance with C3PAO procedures and ISO/IEC 17020:2012. - Adhere to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements at all times. Requirements - Must be a U.S. Citizen. U.S. citizenship is mandatory for this role because all personnel participating in the CMMC Level 2 certification assessment process must complete a Tier 3 background investigation resulting in a determination of national security eligibility. - Active Certified CMMC Assessor (CCA) certification in good standing. - Must be able to obtain and maintain a favorable Tier 3 background investigation resulting in a national security eligibility determination (this is not a security clearance and is not for the purpose of government employment). The investigation will involve a credit, fingerprint, and law enforcement agency check. - Bachelor’s degree in cybersecurity, information technology, information systems, or a related field, or equivalent professional experience. - Typically 4+ years of cybersecurity or information assurance experience, including exposure to NIST SP 800-171 / CMMC. - Working knowledge of NIST SP 800-171 Rev 2, NIST SP 800-171A, 32 CFR Part 170, and DFARS 252.204-7012. - Additional certifications such as CompTIA Security+, CISSP, CISA, or CCP preferred. - Strong documentation, analytical, and communication skills. - Location / on-site: Remote-eligible with availability to travel to client sites for on-site assessment activities as required. Salary Range: $35- $50 hourly, commensurate with experience, education, etc. This role may be available as either a part-time or full-time opportunity. Benefits About OCT Consulting OCT Consulting LLC is a Small Business (SB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the agility of operations and a management team with a track record of leading successful engagements at major Federal government agencies. At OCT we believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.

• Partner with key customers to understand and help achieve their business, objectives, cybersecurity initiatives, and desired outcomes • Establish strategies and roadmaps to drive cyber workforce resilience through a programmatic approach • Engage C-level executives, technical cyber security professionals, and major lines of business through delivering routine Executive Business Reviews • Leverage your cybersecurity knowledge to recommend appropriate improvements to current programs and suggest new programs. • Drive adoption to maximize the value of the Immersive Labs Platform • Immerse into cyber security community to remain informed of evolving threats, trends, and new technologies • Collaborate with product, content, and engineering teams to serve as the voice of the customer and influence product innovation • Support customers in operationalizing and incorporating Immersive Labs into their cybersecurity programs sustainably, leveraging platform metrics, custom reports and insights to bring attention to the value created along the journey. • Function as an escalation point and primary liaison between sales, product leadership and client accounts, including being the first sales team resource in answering questions related to service delivery within your accounts. • With the Customer Success Manager (CSM), assist in delivering Executive Business Reviews (EBRs) to customers, providing executive-level reports and insights that help drive long-term account health and expansion opportunities.

• Set the vision and operating model for Corporate Security across engineering, identity, endpoint and device security, and end-user services, aligning security outcomes with productivity and service quality. • Lead a globally distributed, multi-disciplinary organization through clear roadmaps, strong managers, measurable priorities, and high operational standards. • Own GitLab’s internal identity and access strategy across Okta, lifecycle automation, RBAC and ABAC, administrative access controls, cloud access governance, and the ongoing evolution of Identity v3. • Drive secure-by-default endpoint and device strategy across GitLab’s fleet, with particular strength in macOS, endpoint hardening, configuration management, telemetry, detection partnerships, and engineering-led change control. • Oversee end-user services and internal IT support for the company, including access management, hardware support, and support for core applications such as Google Workspace, Slack, and Zoom, while improving helpdesk effectiveness and service experience. • Build scalable onboarding, offboarding, and role-change processes that reduce risk, improve auditability, and remove friction for team members and business stakeholders. • Partner cross-functionally with Security, IT, Engineering, People, Compliance, Finance, and Legal to translate business and regulatory requirements into pragmatic controls, policies, and workflows. • Own vendor, tooling, and budget strategy for the Corporate Security estate, using metrics to improve resilience, team member experience, and risk reduction over time.

Role Description In support of our growing Risk Advisory practice, we are seeking an experienced CMMC Certified Assessor (CCA) to support and perform CMMC assessments engagements across our client base. This role is ideal for someone who enjoys hands‑on assessment work, working closely with clients, and building deep technical expertise within a collaborative environment. A Day in the Life: - Supporting and performing CMMC Level 2 assessments in alignment with CMMC and DoD requirements. - Evaluating control design and operating effectiveness and helping identify gaps and deficiencies. - Gathering, reviewing, and validating assessment evidence and maintaining clear, well‑organized documentation. - Contributing to high‑quality workpapers and assessment deliverables aligned with firm methodology and standards. - Interacting directly with client personnel to obtain evidence, clarify requirements, and answer questions. - Supporting Leads with project execution, timelines, and engagement coordination. - Staying current on evolving CMMC guidance, DoD updates, and cybersecurity compliance trends. Qualifications - Bachelor’s degree in Information Security, Information Systems, Computer Science, Cybersecurity, or a related field. - Active CCA (CMMC Certified Assessor) certification, including adjudicated Tier 3 background. - 3+ years of experience in cybersecurity, compliance, risk management, or GRC, preferably in consulting or client‑facing roles. - Hands‑on experience supporting or performing CMMC readiness efforts and/or assessments. - Working knowledge of CMMC requirements, assessment objectives, and evidence expectations. - Detail‑oriented with the ability to manage tasks across multiple engagements. - Interest in continuing to grow within CMMC and cybersecurity compliance. - Ability to travel up to 15%, as needed. - Must be authorized to work in the United States now or in the future without visa sponsorship. Benefits - Generous paid time off. - Comprehensive medical, dental, and vision insurance. - 401(k) profit sharing. - Life and disability insurance. - Lifestyle spending account. - Certification incentives. - Education assistance. - Referral program. Company Description People join Eide Bailly for the opportunities and stay because of the culture. At Eide Bailly, we've built a collaborative workplace based on integrity, authenticity, and support for one another. You'll find opportunities for education and career growth, a team dedicated to your success, and benefits that put your family's needs first. Compensation: $80,000-$125,000 Our compensation philosophy emphasizes competitive and equitable pay. Eide Bailly complies with all local/state regulations regarding displaying ranges. Final compensation decisions are dependent upon factors such as geography, experience, education, skills, and internal equity. Eide Bailly LLP is proud to be an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other status protected under local, state or federal laws.