C3 Integrated Solutions works with U.S. federal and defense contractors, many of whom are small and mid-sized businesses in aerospace and defense, manufacturing, technology, or R&D, to implement security controls and help develop mature cybersecurity and compliance practices.
The Associate Compliance Consultant plays a supportive role in the development and management of a Governance, Risk, and Compliance (GRC) program within client organizations. This role works collaboratively with client stakeholders including business leaders and internal IT, as well as C3’s professional services and managed services teams and third-party service providers.
What You'll Do
• Document & scope: Support mapping data flows for FCI/CUI; assist in defining system scope (people, processes, technology) for assessments.
• Assess & track: Support readiness assessments against NIST SP 800-171/CMMC L1–L2; collect artifacts; log gaps and actions in POA&Ms.
• Author & maintain: Draft and update sections of System Security Plans (SSPs), policies, procedures, and diagrams using C3 templates.
• Evidence management: Organize client evidence in approved repositories; keep versioning and status current.
• Client coordination: Schedule/record working sessions; capture meeting notes, actions, and owners; follow up on actions to keep timelines on track.
• Advisory support: Reach out to team members with questions; escalate risks and blockers promptly.
• Tooling & hygiene: Use project/ticket tools (e.g., Asana/ConnectWise), GRC platforms (e.g., FutureFeed/Hudu), MS 365, and Copilot to keep work visible and auditable.
• Quality & consistency: Apply C3 formatting and naming standards; ensure deliverables are clear, complete, and client-ready.
What You’ll Learn
• How to operationalize CMMC L1–L2 and NIST SP 800-171 in small/midsize defense contractors.
• How to build durable compliance artifacts (SSP, policies, procedures, diagrams, POA&M) that pass audits and assessments.
What You'll Bring
You’re a strong communicator who wants to grow in security consulting. You bring a positive, client-service mindset and love organizing details into clean, reliable deliverables. You have exposure to IT/IS, compliance & risk, or consulting, and you’re comfortable learning frameworks like CMMC, NIST, CIS, and MITRE ATT&CK with guidance from senior consultants.
• 0–3 years in cybersecurity/compliance/IT audit/IT ops or relevant internships/coursework/projects.
• Clear, concise writing and professional client communication skills.
• Strong organization and follow-through; comfortable managing checklists, evidence, and deadlines across multiple clients.
• Working knowledge of core security/compliance concepts (access control, logging, vulnerability management, incident response).
• U.S. work authorization and ability to handle sensitive, client-confidential information.
• Awareness of U.S. export control requirements under ITAR and EAR
• Occasional (<10%) travel to various work sites throughout the U.S. may be required
Preferred
• Familiarity with NIST SP 800-171, DFARS 252.204-7012, CMMC v2 concepts.
• Experience with Microsoft 365/Azure security features; exposure to GCC High/Azure Government is a plus.
• Comfort with GRC/evidence tools, ticketing/project tools, and diagramming using industry standard applications.
• Industry certifications in progress or held (e.g., Cyber AB RP/CCP, Security+) or a plan to pursue CCP within 6–12 months.
• Bachelor’s degree in cybersecurity, information systems, engineering, or related field (or equivalent experience).
What You'll Get
• To be a part of one of the fastest-growing companies in America, and a talented team to back you up.
• An awesome culture, backed up by winning several Best Places to Work awards.
• Remote work opportunities
• Medical, Dental, Vision Insurance
• Four Weeks of Paid Time Off (vacation & sick leave)
• Four weeks of Paid Maternity and Paternity leave
• Two days of Paid Volunteer Time
• 401(k) with 4% Company Match
• Company Bonus Structure
• Tuition Reimbursement
• Employer-sponsored Disability & Life Insurance
• Professional Development
This a remote position with minimal travel.
C3's Core Values:
Team Human: Respecting all humans is a critical part of who we are at C3. We practice integrity in all interactions, we empathize with others, we create a supportive work environment, and we support the communities in which we live and operate.
Security First: At the cornerstone of our business, we prioritize security above convenience, cost or efficiency. A “security-first” approach means we practice what we preach and we lead by example for our clients.
Be an Advocate: We are passionate in our advocacy for our customer’s success and a path to the best solution for their business. We embrace feedback, put ourselves in your shoes and advocate for your interests as our own.
Embrace Change: It's a practical necessity in an industry that never stands still. As a new entity born from the merger of two top-ranked CMMC-focused IT services companies, we're keenly aware that our success hinges on our ability to adapt - whether that means integrating new platforms, refining processes, or keeping pace with changing guidelines.
Resilience: Our ability to withstand adversity and accomplish objectives while maintaining professionalism and discipline is critical to successful crisis management and risk avoidance.
C3 Integrated Solutions is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status, or any other characteristic protected by law.
This is a general description of the duties, responsibilities and qualifications required for this position. Physical, mental, sensory, or environmental demands may be referenced to communicate the way this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, C3 Integrated Solutions will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.