Do you think Mandiant is a good provider for Security Program Assessment on IT security? I have seen that they have good grades on consulting but they are not graded on Assessments. Would you recommend another provider?
Mandiant tends to do a stellar job on live incident response and forensics. With respect to assessments, it may be predicated on the type of assessment contemplated. If Mandiant is doing a compromise assessment, I'd vote a strong yes. If they are looking at how a security program is structured, its alignment to a framework or standard, or the maturity of the security program, I'd think there'd be a number of competitive options.
As with every consultancy, it depends on the consultant. Personally, I like Mandiant because they are honest and try as much as possible to make an independent proposal without pushing one vendor or another.

I will echo Raphael Mayr's and Matthew Stamper's statements that the engagement would be consultant-specific, but Mandiant does a great job at post-compromise assessment. Perhaps find out what kind of experience the proposed assessor-consultant has in your industry. Were they in a leadership or individual contributor role regarding that industry experience? If the organization does not have a large bench of consultants, one must closely evaluate the proposed individuals.