Sensiba is always looking for top talent to add to our integrated team. We have an exciting opportunity for a Lead CCA in our GRC Department. If you're looking for an organization that offers an inclusive environment, uses business as a force for good, and supports you and your family with flexible work options and attractive benefits, take the first step toward joining the Sensiba team!

Named a Top 100 Accounting Firm and Top Workplace USA, we're recognized for exceptional employee engagement and dedication in helping our clients solve problems, navigate complexity, and build a foundation for sustainable growth. In 2018, we became a certified B Corporation (B Corp). The B Corp certification distinguishes companies that use the power of business to solve social and environmental problems. It helps us better assess how our core values align with our daily operations and identify where we can improve.

Summary:

We are seeking a highly experienced and credentialed Lead CMMC Assessor (Lead CCA) to spearhead the development, management, and expansion of our C3PAO (Certified Third Party Assessor Organization) practice. This individual will be responsible for building a robust assessment program aligned with the Cybersecurity Maturity Model Certification (CMMC) framework and managing a team of assessors to deliver high-quality, compliant assessments to clients across the Defense Industrial Base (DIB). This is a strategic leadership role with direct influence over practice design, team development, service delivery, and client engagement.

Responsibilities:
- Lead the establishment and operationalization of the organization's Certified Third-Party Assessor Organization (C3PAO) program in alignment with CyberAB and Department of Defense (DoD) requirements.
- Serve as the primary Lead Certified CMMC Assessor (Lead CCA) responsible for planning, executing, and overseeing CMMC Level 2 assessments for clients within the Defense Industrial Base (DIB).
- Develop and implement scalable assessment methodologies, tools, and quality assurance procedures to ensure consistency, accuracy, and compliance across all engagements.
- Recruit, train, and mentor a team of Certified CMMC Assessors (CCAs) and support personnel to build a high-performing assessment practice.
- Maintain continuous compliance with C3PAO accreditation requirements, including adherence to independence and ethical standards, conflict-of-interest policies, and audit recordkeeping obligations.
- Liaise directly with external regulatory entities such as the CyberAB and DIBCAC, managing all correspondence, audit planning, and reporting requirements.
- Support business development efforts by participating in client consultations, contributing to proposals, and identifying strategic growth opportunities for the CMMC service line.
- Monitor and respond to changes in the CMMC ecosystem, NIST SP 800-171 guidelines, DFARS regulations, and other federal cybersecurity requirements, adjusting internal processes as needed.
- Deliver high-quality, timely, and well-documented assessment reports, findings, and recommendations to clients and stakeholders.
- Promote a culture of cybersecurity excellence and regulatory compliance within the organization and across client engagements.
Qualifications:
- A bachelor's degree in cybersecurity, information technology, computer science, information assurance, or a related field.
- Candidates with a master's degree in cybersecurity, information systems, business administration, or a related discipline will be viewed favorably, particularly if the role requires strategic planning or executive-level interaction.
- 7+ years of experience in cybersecurity compliance, IT risk management, internal audit, or related areas, ideally within environments supporting federal or defense contractors.
- 3+ years of experience in a leadership or practice management role, including building teams, managing assessors, or overseeing assessment engagements.
- Direct experience conducting or supervising cybersecurity assessments or audits aligned with frameworks such as the Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, or NIST SP 800-53. This includes experience evaluating technical and administrative controls, interpreting compliance requirements, and working directly with clients or internal stakeholders to validate implementations.
- Familiarity with Department of Defense acquisition regulations (e.g., DFARS 252.204-7012), the broader Defense Industrial Base (DIB) cybersecurity environment, and the practical application of boundary protections, enclave architecture, and system security measures within contractor networks.
- Applicants are encouraged to hold advanced industry certifications that demonstrate a high level of technical and audit proficiency. These may include the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Ethical Hacker (CEH). Possession of one or more of these certifications indicates a strong foundation in technical controls, governance frameworks, and risk-based auditing practices.
- Experience working in or with a Certified Third-Party Assessor Organization (C3PAO), especially in a leadership or operational role, is highly desirable.
- Candidates who have participated in formal CMMC assessments or readiness engagements will be prioritized.
- Familiarity with DoD cybersecurity programs, government contracting environments, and regulatory frameworks such as FedRAMP or FISMA further enhances a candidate's qualifications.
There are many reasons to join the Sensiba team: generous benefits, competitive compensation, professional advancement opportunities, and above all - our people. If you're looking for an environment that offers you growth, success, and professionalism without compromising your family, passions, and life outside of work, apply today!

Sensiba has a robust offering of benefits, including:
- Medical, dental, vision
- Generous PTO plan and paid sick time
- Flexible work arrangements
- 401K with company match
- Discretionary performance bonus
- Business referral incentive pay
- Sabbatical leave
- 11 paid holidays
For individuals based in San Francisco, consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration. For individuals who would be working within the City of Los Angeles, Sensiba will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.

Sensiba LLP is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity, or any other characteristic protected by law. Sensiba LLP complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact us at talent@sensiba.com.

Certain states require employers to disclose the pay range in job postings. This position may be eligible for an annual discretionary bonus. For more information about our benefit offerings and other total rewards, contact our human resources team.

Compensation Range: $180,000 - $220,000 base per year plus additional bonus opportunity

*Compensation may vary based on skills, role, and location*