At C3, we are pioneers in managed security services and incident response. We're committed to helping organizations make better decisions, reduce risk, and build resilient operations.
We work with organizations that range from growing businesses to highly regulated environments. Many of them know security matters, but they need trusted advisors who can translate complex frameworks and technical risks into practical, actionable guidance.
That is where our Cybersecurity Advisors come in.
If you have experience with diverse cybersecurity frameworks and enjoy solving complex security problems, building strong client relationships, and helping organizations mature their security programs, this role may be a great fit.
Cybersecurity Advisor
C3 is looking for a Cybersecurity Advisor who is self-motivated and comfortable working both independently and as part of a collaborative consulting team.
In this role, you will act as a trusted cybersecurity subject matter expert (SME) helping clients understand their risk posture and implement meaningful improvements to their security programs. You will work directly with client leadership, technical teams, and compliance stakeholders to assess environments, identify gaps, and design practical security strategies.
Some days may involve reviewing security policies or conducting risk assessments. Other days may involve advising executives on security strategy, leading tabletop exercises, or helping organizations prepare for compliance audits.
The common thread is simple: helping clients make smart security decisions.
The Cybersecurity Advisor should be familiar with Federal laws, NIST information security concepts and frameworks, and common industry standards such as SOC 2, CIS, ISO 27001, COSO, PCI-DSS, HIPAA, and COBIT.
What You'll Do
- Perform Risk Assessments (utilizing well-known frameworks such as NIST CSF, NIST RMF, CIS RAM, ISO 27001)
- Provide Security Control Implementation (NIST 800-53, NIST 800-171, CIS 18, PCI-DSS, HIPAA)
- Perform Gap Analyses (based on compliance frameworks such as AICPA SOC 2, HIPAA, PCI-DSS, FFIEC)
- Develop Simulated Phishing Testing Campaigns
- Develop and Implement Security Awareness Training Programs
- Act as Virtual Chief Information Security Officer to Clients
- Perform Business Impact Analyses (BIA)
- Facilitate Incident Response & Business Continuity Tabletop Exercises
- Review, Develop, and Implement Cybersecurity Risk Management Programs
- Review, Develop, and Implement Vendor/Third Party Risk Management Programs
- Review & Develop Policies (Information Security, Business Continuity, Disaster Recovery, Incident Response, Vulnerability Lifecycle Management, Physical Security, etc.)
- Communicate Assessment Results with Management and Executives
- Analyze Conditions and Offer Recommendations on Best Practice
- Establish and Maintain Strong Client Relationships
- Assist with further developing our next generation service offerings and the infrastructure required to facilitate these offerings (proposals, client-facing materials, work programs, templates)
What You'll Bring
- Minimum of 5+ years working in Cybersecurity roles such as Consulting, Auditing, and Project Management
- CISSP, CISA, CGRC, GSE, or CISM Certification
- Bachelor’s Degree in Business, Accounting, Cybersecurity, Information Technology, Computer Science, Computer Information Systems, or a related discipline
- Understanding in the areas of Information Assurance, Risk Management, Information Security, IT Audits, Compliance, Internal Control Frameworks, and Risk Assessments
- Demonstrated ability to prioritize while simultaneously managing multiple projects, often under tight deadlines
- Business-fluent written and spoken English language skills
- Excellent written and verbal communication skills
- Proven commitment to providing exceptional client service
- Effective time management and organizational skills
- Team player with strong interpersonal communication
- Self-starter with a strong work ethic
- Able to perform work which requires attention to detail, analytical ability, and organization
- Skilled at using Microsoft Excel, Word, PowerPoint, etc.
- Strong attention to detail
This is a remote, US-based position with minimal travel.
What You'll Get
- To be a part of one of the fastest-growing companies in America, and a talented team to back you up.
- An awesome culture, backed up by winning several Best Places to Work awards.
- Medical, Dental, Vision Insurance
- Four Weeks of Paid Time Off (vacation & sick leave)
- Four weeks of Paid Maternity and Paternity leave
- Two days of Paid Volunteer Time
- 401(k) with 4% Company Match
- Company Bonus Structure
- Tuition Reimbursement
- Employer-sponsored Disability & Life Insurance
- Professional Development
C3's Core Values:
- Team Human: Respecting all humans is a critical part of who we are at C3. We practice integrity in all interactions, we empathize with others, we create a supportive work environment, and we support the communities in which we live and operate.
- Security First: At the cornerstone of our business, we prioritize security above convenience, cost or efficiency. A “security-first” approach means we practice what we preach and we lead by example for our clients.
- Be an Advocate: We are passionate in our advocacy for our customer’s success and a path to the best solution for their business. We embrace feedback, put ourselves in your shoes and advocate for your interests as our own.
- Embrace Change: More than a core value, at C3 it's a practical necessity in an industry that never stands still. As a new entity born from the merger of two top-ranked CMMC-focused IT services companies, we're keenly aware that our success hinges on our ability to adapt—whether that means integrating new platforms, refining processes, or keeping pace with changing CMMC guidelines.
- Resilience: Our ability to withstand adversity and accomplish objectives while maintaining professionalism and discipline is critical to successful crisis management and risk avoidance.