Job Description
Quality Assurance Individual, CMMC Assessments (CCA)
OCT Consulting is a business management and technology consulting firm that supports Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.
Responsibilities and Duties
OCT currently has an opening for a Quality Assurance Individual, CMMC Assessments (CCA) to support the build-out of OCT’s CMMC Certified Third-Party Assessment Organization (C3PAO) practice. This position provides independent quality oversight of CMMC Level 2 certification assessments and must hold an active CCA certification. The role is named alongside the assessment team in the CMMC Level 2 assessment process and is subject to the same background investigation requirement.
Day to day responsibilities include:
Provide independent quality assurance review of CMMC Level 2 certification assessments, ensuring methodology, evidence sufficiency, scoring, and determinations are consistent, complete, and defensible.
Review assessment plans, evidence packages, working papers, and final reports prior to issuance of any Certificate of CMMC Status.
Maintain and continuously improve the C3PAO quality management system in alignment with ISO/IEC 17020:2012 and Cyber AB requirements.
Verify adherence to NIST SP 800-171A assessment procedures and to the Cyber AB Code of Professional Conduct, conflict-of-interest, ethics, and impartiality requirements.
Identify nonconformities, track corrective actions, and support internal audits and management reviews.
Ensure assessment records are complete and retained per policy, and support DIBCAC and Cyber AB oversight and surveillance activities.
Maintain independence from the assessment teams whose work is being reviewed in order to preserve impartiality of the quality function.
Must be a U.S. Citizen. U.S. citizenship is mandatory for this role because all personnel participating in the CMMC Level 2 certification assessment process must complete a Tier 3 background investigation resulting in a determination of national security eligibility.
Active Certified CMMC Assessor (CCA) certification in good standing (required for this role in addition to quality responsibilities).
Must be able to obtain and maintain a favorable Tier 3 background investigation resulting in a national security eligibility determination (this is not a security clearance and is not for the purpose of government employment). The investigation will involve a credit, fingerprint, and law enforcement agency check.
Bachelor’s degree in cybersecurity, information technology, quality management, or a related field, or equivalent professional experience.
Typically 6+ years of cybersecurity, information assurance, audit, or quality experience, including NIST SP 800-171 / CMMC.
Knowledge of ISO/IEC 17020:2012, quality management systems, and internal auditing practices.
Familiarity with NIST SP 800-171 Rev 2, NIST SP 800-171A, and 32 CFR Part 170.
Certifications such as CISA, ISO 17020 / quality auditor credentials, or CISSP preferred.
Strong attention to detail, sound independent judgment, and the ability to maintain impartiality.
Location / on-site: Remote-eligible with occasional to client sites travel as required.
Salary Range: $35- $50 hourly commensurate with experience, education, etc. This role may be available as either a part-time or full-time opportunity.
