Practice Manager, Director, Principal (NIST/CMMC)

112Cyber is seeking an experienced Services leader and Cyber Compliance professional ready to lead the growth and execution of our CMMC Compliance practice and team members. This practice includes both Advisory services (Gap assessments, compliance advisement) and C3PAO services in the cyber compliance domain.  

As titles vary across the industry, 112Cyber is seeking the equivalent of a Practice Manager, Director, Principal, or a leader that is currently in a similar role. 

In this role, you will be responsible for shaping and scaling our CMMC compliance services, owning customer delivery outcomes, and serving as a senior advisor to both clients and internal teams. 

As the leader of the Compliance practice, you will drive strategic oversight of customer engagements, mentor and develop consultants, establish delivery standards, and partner closely with our platform and product teams to influence roadmap decisions based on customer needs. 

How You’ll Drive Success:  

Success in this role predicates that 112Cyber will only consider applicants with a current or former background in leading and growing a successful professional services organization in the cyber risk and compliance domain. A mix of advisory and attestation experience is ideal. 

Practice Leadership 

For both 112Cyber’s CMMC Advisory practice and C3PAO services: 

Delivery Management 

Drive the highest levels of customer success and satisfaction by ensuring delivery excellence, client satisfaction, and clear ongoing compliance partnership. 

• Oversee and govern cybersecurity compliance engagements executed by senior consultants, ensuring consistent quality, methodology, and client outcomes. 
• Provide senior advisory oversight for customer programs supporting DFARS, CMMC, FedRAMP, NIST CSF and NIST SP 800-171 initiatives. 
• Own engagement success by partnering with client leadership to align regulatory requirements with business goals and risk tolerance. 
• Review and validate assessment approaches, control testing strategies, and evidence packages for readiness and formal certification efforts. 

Practice Development 

• Build and scale practice capability through the creation of repeatable delivery processes and ongoing consultant development. 

Team Member (Employee) Development 

• Advise 112Cyber’s ASCERA team on changing compliance requirements and rule interpretation to inform CMMC software development. 
• Manage practice resources and capacity, aligning consultant skills and availability to active projects while balancing utilization, delivery timelines, and customer priorities. 

Formal C3PAO Assessments 

As 112Cyber’s business is focused on CMMC (as opposed to SOC2, FedRAMP, and other consulting and/or attestation services), the individual will need to either be or become CMMC proficient. You will act as a backstop to 112Cyber consultants and customers and will need domain expertise that drives team member and customer success. 

• Oversee formal CMMC assessments conducted by assessment teams, ensuring adherence to C3PAO requirements, assessment methodology, and accreditation standards. 
• Serve in the C3PAO QA role to ensure the effectiveness and accuracy of assessment results by validating that security measures align with CMMC practices and processes for the assigned maturity level. 
• Review and approve evidence packages, including technical artifacts such as system logs, incident reports, and audit trails, to confirm compliance and defensibility of conclusions. 
• Ensure consistent and unbiased assessment execution, maintaining strict objectivity and evidence-based decision making throughout the assessment lifecycle. 
• Oversee assessment documentation and submission readiness for CMMC-AB, ensuring completeness, quality, and regulatory compliance across all C3PAO engagements. 
• Maintain assessment integrity and consistency across the practice by enforcing standardized procedures, quality controls, and continuous improvement of the C3PAO program. 

Requirements

To Be Successful: 

Cyber Risk and Compliance Domain Expertise 

• 5–8+ years of experience in IT security controls testing and documentation, including responsibility for managing and overseeing client control testing efforts. 
• 5+ years of experience leading and coordinating external and internal audit activities, including DFARS, CMMC, NIST 800-53, or similar regulatory assessments. 
• 5+ years of experience producing high-quality technical documentation, compliance deliverables, and executive-level reports. 

Services Industry experience 

• 3+experience in practice leadership, including managing consultant performance, capacity planning, delivery quality, and continuous improvement of service offerings. 

Soft Skills 

• Self-directed leader with a strong sense of ownership and accountability for outcomes. 
• Proven ability to engage executive stakeholders, build trusted relationships, and influence decision-making. 
• Exceptional communicator, able to translate complex technical and regulatory concepts into clear, actionable guidance for non-technical audiences.

Certifications (strongly preferred, not required) 

• Active Lead CMMC Certified Assessor (CCA) credential; if not CCA certified, willingness to obtain. 
• One or more industry certifications such as CISSP, CISM, CISA, CRISC, or equivalent. 

Benefits

Why 112Cyber? 

• The chance to be part of a winning team and a premier fast-growing Cyber Risk and Compliance firm (offering both Advisory and C3PAO services). 

• One of only under (100) C3PAOs in the United States approved by the CyberAB (DoD). [AB = Advisory Board, the organization set up by the DoD to manage and oversee the CMMC program.] 

• Strong culture tied to building an organization around top-performing human capital and customer success. 

• Ability to help shape the business in terms of this individual and their direct impact on an organization; looking for an entrepreneurial individual driven by growth and impact [not a “cog in a much larger wheel”]. 

• Growing sales pipeline based upon the growth in the CMMC market. 

• Competitive salary and bonus plan. 

• Long-term opportunity for equity interest in company. 

• Comprehensive medical, mental, and vision plans. 

• 401(k) with company match. 

• 30 days annual paid time off. 

• Significant Training and Development and Certification attainment. 

• Opportunity for long term career advancement. 

• Your contributions are felt and recognized at our growing company. 

About 112Cyber: 

112Cyber is an industry recognized CMMC solutions provider, offering both NIST 800-171 consulting services (Advisory based project work and Compliance as a Service) and C3PAO (Certified Third-Party Assessor Organization) services. 112Cyber is driven by Core Values that are both client and team-member focused. Our mission is to ensure that organizations in the Defense Industrial Base are effectively identifying and managing cyber risks while ensuring compliance with industry standards, federal laws, and regulations. 

#LI-Remote