Senior Microsoft Technical Lead

CMMC Consulting Practice Leadership

• Lead CMMC Level 2 consulting engagements from initial assessment through certification readiness
• Conduct gap assessments against NIST SP 800-171 and CMMC Level 2 requirements for diverse client environments
• Develop customized remediation roadmaps scaled to client size, budget, and technical capabilities
• Prepare organizations for C3PAO assessments and provide certification readiness reviews
• Support multiple concurrent client engagements across various industries and organizational sizes

Microsoft Security Solutions Architect

• Design right-sized Microsoft security solutions appropriate for small business through enterprise clients
• Architect scalable implementations of Microsoft 365 (Business Premium to E5/G5), Azure, and Defender suite based on client maturity and budget
• Implement Microsoft Purview, Azure Information Protection, and DLP solutions tailored to CUI protection requirements
• Deploy Microsoft Sentinel or cost-effective alternatives for security monitoring across client environments
• Guide clients on Azure Government vs. commercial cloud decisions based on CMMC requirements
• Create reusable frameworks and templates that accelerate client implementations

Client Advisory & Strategic Guidance

• Serve as trusted advisor to C-suite and senior leadership on CMMC strategy and investment priorities
• Translate complex CMMC requirements into actionable business recommendations
• Provide guidance on scope definition, boundary establishment, and enclave strategies
• Advise on contractor teaming arrangements and CMMC compliance flow-down requirements
• Present security program maturity assessments and executive-level progress reporting
• Support proposal development and contract reviews for CMMC-related security requirements

Team Leadership & Practice Development

• Build and mentor a team of 4-6 security consultants with diverse skill sets and experience levels
• Develop standardized methodologies, playbooks, and accelerators for CMMC consulting engagements
• Establish quality assurance processes and peer review mechanisms for client deliverables
• Create training programs to elevate team capabilities in CMMC and Microsoft security technologies
• Foster culture of client success, technical excellence, and continuous learning
• Manage resource allocation and workload distribution across concurrent client engagements

Practice Growth & Thought Leadership

• Identify opportunities to expand consulting services and develop new offerings
• Contribute to business development activities and proposal responses
• Represent the practice at client events
• Develop thought leadership content on CMMC implementation best practices
• Build relationships with Microsoft partners, C3PAOs, and industry organizations
• Stay current on CMMC program updates and DoD cybersecurity requirements

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred)
• 10+ years of progressive experience in information security and compliance, with significant consulting experience
• 5+ years leading teams and managing multiple concurrent projects or client engagements
• Proven track record successfully guiding organizations through CMMC/NIST SP 800-171 implementations
• Deep expertise working with small businesses through enterprise organizations on compliance initiatives
• Extensive hands-on experience implementing Microsoft security solutions across varied environments
• Strong understanding of Defense Industrial Base, CUI handling requirements, and DFARS compliance
• Experience translating technical requirements into business terms for non-technical stakeholders

Technical Competencies

• CMMC Level 2 and NIST SP 800-171 control implementation across diverse environments
• Microsoft 365 security architecture (Business Premium through E5/G5 licensing)
• Azure and Azure Government cloud security configurations
• Microsoft Defender suite deployment and optimization
• Microsoft Purview, Azure Information Protection, and data classification strategies
• Microsoft Sentinel and cost-effective SIEM alternatives
• Identity and Access Management solutions (Azure AD, Conditional Access)
• Network segmentation and boundary protection strategies
• Security documentation and technical writing

Preferred Certifications

• CISSP, CISM, or equivalent security leadership certification
• Microsoft security certifications (SC-200, SC-300, SC-400, AZ-500)
• NIST SP 800-171 assessment experience or DIBCAC certification
• Additional relevant certifications (Security+, CISA, GCIH, GIAC)

Key Competencies

• Client Relationship Management: Build trust and credibility with stakeholders at all organizational levels
• Adaptive Communication: Translate technical concepts for audiences from small business owners to enterprise CISOs
• Scalable Solutions Design: Right-size security programs based on organizational maturity, resources, and risk tolerance
• Business Acumen: Balance security requirements with operational realities and budget constraints
• Project Leadership: Manage complex, multi-phase engagements with competing priorities and timelines
• Mentorship: Develop junior consultants and elevate overall team capabilities
• Problem-Solving: Navigate unique challenges across diverse client environments and technical landscapes

Travel Requirements

• Approximately once per month for client site visits, assessment activities, team meetings, or industry conferences. Travel frequency may increase during initial client onboarding phases or certification preparation periods. Expectation is 10-15% travel annually.

Ideal Client Engagement Experience

• Small businesses (50-500 employees) new to CMMC requirements
• Mid-market companies establishing CUI handling environments
• Enterprise defense contractors optimizing existing compliance programs
• Organizations transitioning from NIST SP 800-171 self-assessment to CMMC Level 2 certification
• Companies implementing Microsoft cloud solutions for government contracting
• Defense Industrial Base supply chain participants navigating flow-down requirements