Cybersecurity Assessments/Mitigations Control Systems Cybersecurity Consultant

Introduction

A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.

Your role and responsibilities

The Assessments & Mitigations Control Systems Cybersecurity Consultant will apply 3-5 years of hands-on experience to manage and perfrom excution oversight a broad range of cybersecurity assessments-spanning Mission Assurance, Energy Resilience Readiness Exercises (ERRE), Cyber Resilience Readiness Exercises (CRRE), and Defense Critical Infrastructure (DCI) evaluations. This mid-tier consultant will design and lead assessment engagements, develop targeted mitigation and recovery strategies, and ensure workforce roles and certifications align with assessment and response requirements. The role requires strong analytical skills, thorough risk-evaluation expertise, and effective stakeholder collaboration to continuously strengthen mission-critical cyber resilience.

• Lead Cybersecurity Assessments (25%) Plan and perform oversight of execution of Mission Assurance, ERRE, CRRE, and DCI assessments-defining scope, objectives, and success criteria.
• Develop & Coordinate Mitigations (25%) Based on assessment outcomes, design remediation plans, assign responsibilities, and track implementation through completion.
• Align Workforce Roles & Certifications (15%) Evaluate team competencies, recommend training paths, and ensure personnel hold required DoD/industry certifications.
• Analysis, Reporting & Briefings (20%) Produce comprehensive reports, risk dashboards, and deliver briefings to senior stakeholders on findings and recovery status.

• Cybersecurity Assessment & Risk Evaluation - Leading RMF-style assessments, tabletop exercises, and infrastructure evaluations
• Mission Assurance Testing - Execution oversight of assessments that map cyber vulnerabilities to mission-critical functions
• ERRE/CRRE Process Management - Planning, conducting, and reporting on Energy/Cyber Resilience Readiness Exercises
• DCI Assessment Expertise - Evaluating and prioritizing risks to Defense Critical Infrastructure systems
• Mitigation Strategy Development - Designing and coordinating response and recovery plans based on assessment findings
• Analytical Reporting - Producing detailed technical reports and executive summaries on risk posture and mitigation effectiveness
• Stakeholder Facilitation - Leading cross-functional workshops, documenting action items, and driving closure of findings

• Workforce Certification Alignment - Mapping cybersecurity job roles to required DoD and industry certifications
• Must have DOD US Secret Clearance

• Automated Assessment Tools - Using scripting (Python, PowerShell) or platforms (Nessus, SCAP) to streamline vulnerability scanning
• Data Fusion & Visualization - Building dashboards (Splunk, ELK, PowerBI) to correlate assessment data and track metrics
• Supply Chain Risk Management - Incorporating third-party and component risks into overall assessment scope
• eMASS / GRC Systems - Populating controls, evidence, and POA&Ms in eMASS or equivalent governance tools
• Digital-Twin Modeling - Applying "digital twin" frameworks to simulate control-system resilience scenarios
• Incident Response Coordination - Supporting playbook creation and after-action reviews for assessed vulnerabilities
• Cloud/Edge OT Security - Assessing resilience of OT assets integrated with AWS, Azure, or edge-computing platforms

• Professional Certification Pursuit - Progress toward CISSP, CISM, GICSP, or similar credentials

• Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being
• Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs
• Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law
• Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals
• Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences