Hotman Group is seeking a CMMC / NIST Consultant / Analyst to support client projects involving CMMC, SSP development, NIST SP 800-171, NIST SP 800-53, FedRAMP, evidence collection, control documentation, and remediation tracking.
This is a contract role that may be structured as part-time or full-time based on project needs and candidate availability. We are looking for a mid-level practitioner who can contribute to active client delivery work, produce strong documentation, and help move projects forward in a remote consulting environment.
What You'll Do
- Support client engagements related to CMMC readiness, implementation, and documentation
- Develop, update, and maintain System Security Plans (SSPs)
- Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables
- Gather, organize, and review evidence supporting control implementation
- Draft and refine control narratives, policies, procedures, and related compliance documentation
- Identify gaps and support development of POA&Ms and remediation tracking
- Work with client stakeholders to collect information, validate details, and keep deliverables moving
- Contribute to readiness efforts tied to assessments, documentation, and ongoing compliance activities
What We're Looking For
- 3-5 years of relevant experience in GRC, cybersecurity compliance, or related consulting work
- Hands-on experience with CMMC-related work (Required)
- Experience working with SSPs, policies, procedures, evidence collection, and remediation documentation (Required)
- Familiarity with NIST SP 800-171, NIST SP 800-53, and FedRAMP
- Strong writing and documentation skills
- Ability to work independently in a remote environment
- Strong organization, follow-through, and professionalism in client-facing work
- Comfort stepping into active projects and supporting delivery work with minimal hand-holding
Nice to Have
- Experience supporting CMMC Level 2 efforts
- Experience with CUI scoping, enclaves, or boundary discussions
- Familiarity with POA&Ms, assessment readiness, and control crosswalks
- Certifications such as CCP, CCA, CISSP, CISM, or CISA
Requirements
- Authorized to work in the U.S. with permanent work authorization
- Able to pass a background check
- Reliable high-speed internet and a secure remote work setup
About Hotman Group
Hotman Group is a remote boutique cybersecurity and GRC firm supporting clients across a range of industries and compliance needs. We value strong writing, quality work, collaboration, sound judgment, and practical execution.
This role is a strong fit for someone who wants to contribute to meaningful CMMC project work in a contract capacity, whether that means part-time project support or full-time contract availability.