Opportunity sourced from the Official SkillBridge website. Not endorsed by the Department of Defense.
The Quality Manager is responsible for developing, implementing, maintaining, and continually improving the C3PAO’s Quality Management System (QMS) to ensure conformity with ISO/IEC 17020 and the organization’s CMMC assessment policies, procedures, and operational controls. This role provides independent quality oversight of CMMC Level 2 assessment planning, execution, reporting, and records management, ensuring assessments are consistent, defensible, auditable, and aligned with accreditation and program requirements.
ISO/IEC 17020 Compliance & QMS Governance
● Own and maintain the ISO/IEC 17020-compliant QMS, including quality manual, policies, procedures, work instructions, forms, and records.
● Establish and manage document control, record retention, versioning, and change management for quality and assessment artifacts.
● Lead internal audits, management reviews, and continual improvement activities; track outcomes to closure.
● Maintain a compliance calendar and readiness posture for accreditation surveillance, reassessments, and related external reviews.
● Ensure staff competency, training, and authorization records meet ISO/IEC 17020 expectations.
CMMC Assessment Process Quality & Consistency
● Define and enforce standard assessment process controls across the assessment lifecycle (pre-assessment, planning, evidence collection/sampling, onsite/remote execution, scoring, reporting, and closure).
● Establish and maintain quality criteria for assessment deliverables.
● Conduct quality reviews of assessment packages for completeness, consistency, and defensibility prior to final release.
● Validate adherence to internal policies for evidence handling, confidentiality, data protection, and records integrity.
Impartiality, Independence, and Risk Management
● Manage the impartiality program: identify, evaluate, document, and mitigate threats to impartiality (including conflicts of interest).
● Maintain an impartiality risk register and ensure mitigation actions are implemented and reviewed.
● Participate in contract review processes to ensure scope, independence constraints, and quality requirements are understood and satisfied before engagement acceptance.
Nonconformity, Corrective Action, and Preventive Improvement
● Own the nonconformity and corrective action process (NCR/CAR/PAR): intake, triage, root cause analysis, action planning, verification of effectiveness, and closure.
● Track and trend quality metrics and nonconformities to identify systemic issues, training needs, and process improvement opportunities.
● Coordinate lessons learned and corrective action communication to assessment teams while protecting independence and confidentiality.
Training, Competency, and Performance Evaluation
● Define competency requirements by role (e.g., assessor, lead assessor, quality reviewer, technical SME) and implement training plans.
● Administer periodic performance evaluations for assessment personnel to satisfy ISO/IEC 17020 training evaluation expectations.
● Ensure onboarding and continuous training include quality policies, impartiality, records handling, and assessment process requirements.
Stakeholder & Accreditation Interface
● Serve as the quality point of contact for accreditation bodies and external auditors for QMS-related requests and audits.
● Coordinate responses to audit findings, ensuring timely, evidence-based corrective action documentation.
● Support executive leadership with compliance status reporting, risk posture, and quality KPI dashboards.
Requirements
● 4+ years of experience in quality management, cybersecurity, or information systems (or equivalent experience).
● Demonstrated experience managing a QMS in a conformity assessment environment (inspection, certification, audit, or regulated quality programs).
● Experience establishing SOPs, metrics, internal audits, and corrective and preventive action (CAPA) processes in a high-assurance environment.
● Strong writing and documentation skills.
● Ability to work independently, maintain confidentiality, and exercise sound judgment.
● Must be eligible to obtain and maintain the applicable Tier 3 (T3) background investigation / clearance level required to support CMMC assessment operations and/or access to controlled environments.
● Must obtain and maintain the CMMC Certified Professional (CCP) credential within sixty (60) days of hire, as a condition of continued employment in the role.
Preferred
● ISO/IEC 17020 Lead Auditor training or equivalent audit qualification.
● Working knowledge of ISO/IEC 17020 concepts: impartiality, competence, consistent operations, document/record control, internal audit, management review, and corrective actions.
● Prior experience in cybersecurity assessments, governance/risk/compliance (GRC), or third-party assessment programs.
● Familiarity with CMMC L2 assessment workflows, evidence practices, and assessment defensibility expectations.
● Experience with secure records systems, controlled information handling, and quality tooling (ticketing, CAPA, doc control platforms).
US Air Force, US Army, US Coast Guard, US Marine Corps, US Navy, US Space Force
This is a fully remote position.