CR Access Consulting is seeking a highly skilled, security savvy IT specialist to lead our cybersecurity
initiatives as we transition from CMMC Level 1 to Level 2. This role is ideal for a professional with deep
experience in DoD contracting, NIST 800-171, and CMMC compliance. The candidate will be responsible
for implementing and maintaining security controls that protect Controlled Unclassified Information (CUI)
across our systems and networks.

Hiring Type: PT (20 hours)
Job Location: Remote (HQ located in Virginia Beach, VA)

Key Responsibilities

  •  Lead the implementation of CMMC Level 2 security practices and controls
  • Ensure full alignment with NIST SP 800-171 requirements
  • Maintain System Security Plans (SSPs), POA&Ms, and incident response plans
  • Conduct gap analyses and readiness assessments for CMMC Level 2 certification
  • Collaborate with stakeholders and external assessors to prepare for CMMC assessments
  • Manage secure configurations, access controls, and audit logging across systems
  • Oversee vulnerability management, patching, and endpoint protection
  • Support both DoD and commercial clients with tailored cybersecurity solutions
  • Stay current on evolving CMMC and DoD cybersecurity mandates

Required Qualifications

  • Minimum 3 years of IT/cybersecurity experience, with experience supporting DoD contracts
  • Strong familiarity with NIST SP 800-171 and preparing for CMMC Level 2
  • Strong understanding of CUI protection, access control, and incident response
  • US citizenship required (due to federal contract requirements)
  • Ability to obtain and maintain a DoD security clearance

Preferred Certifications & Licensing

  • Security+ (CompTIA)
  • CISSP (ISC²)
  • CISM
  • CEH
  • Certified CMMC Professional (CCP)
  • Certified CMMC assessor (CCA)
  • CCSP (ISC²)
  • ITIL Foundation

Qualified experience may be substituted for applicable licenses and/or certifications

Education

(Minimum requirements/preferences) A bachelor’s degree in cybersecurity, computer science, information technology, information assurance or related subject

(Optional but highly valued) Advanced degree in cybersecurity, information systems or national security or intelligence studies (for defense-focused roles)

Qualified experience may be subsituted for degree(s).

www.cr-access-llc.com | 780 Lynnhaven Pkwy #436, Virginia Beach, VA 23452 | 910.273.7845

(Applicable for U.S. candidates only)

U.S. Employment Law Posters  

Virgina Labor Law Posters

CR Access Consulting LLC and its affiliates and subsidiaries (“CR Access”) have an internal recruiting department. CR Access may supplement that internal capability from time to time with assistance from temporary staffing agencies, placement services, and professional recruiters (“Agency”). Agencies are hereby specifically directed NOT to contact CR Access employees directly in an attempt to present candidates – CR Access’s recruiting team or other authorized CR Access personnel must present ALL candidates to hiring managers.

To protect the interests of all parties, CR Access will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to CR Access, including unsolicited resumes sent to a CR Access mailing address, fax machine or email address, directly to CR Access employees, or to CR Access’s resume database will be considered CR Access property. CR Access will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. CR Access will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees.

Agency must obtain advance written approval from CR Access’s recruiting function to submit resumes, and then only in conjunction with a valid fully-executed contract for service and in response to a specific job opening. CR Access will not pay a fee to any Agency that does not have such agreement in place.

Agency agreements will only be valid if in writing and signed by an officer of CR Access or his/her designee. No other CR Access employee is authorized to bind CR Access to any agreement regarding the placement of candidates by Agencies. CR Access hereby specifically rejects, and denies any liability under, any agreement purporting to be accepted based on negative consent, negotiation with a candidate, performance, or any means other than the signature of a CR Access officer.