A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.
The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer’s critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Air Force policies—all while leveraging emerging AI and data-analysis tools to enhance mission assurance.
- Mission Mapping & Prioritization (25%) – Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements.
- Risk Assessment & Analysis (25%) – Conduct comprehensive vulnerability assessments of SCADA, ICS, and related OT environments, quantifying mission impact.
- Strategic Briefings & Reporting (20%) – Develop and deliver clear, concise reports and executive briefings on risk findings and mitigation recommendations.
- Stakeholder Collaboration (15%) – Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions.
- Compliance & Governance (15%) – Ensure all cybersecurity activities adhere to NIST CSF, DoD instructions, Air Force policies, and mission-assurance standards.
- Risk Management & Mission Assurance – 3+ years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts
- OT/ICS Cybersecurity – 3+ years securing SCADA, ICS, and other operational-technology systems
- Vulnerability Prioritization & Mission Mapping – 3+ years developing risk-based frameworks that align cyber vulnerabilities to mission impact
- Strategic Briefing & Communication – 3+ years delivering technical reports and briefings to mid‐ and senior-level stakeholders
- Cybersecurity Governance & Compliance – 3+ years ensuring conformance with NIST CSF, DoD instructions, and Air Force policies
- Stakeholder Engagement & Facilitation – 3+ years leading workshops and working sessions to plan risk mitigation
- Project Management – 3+ years coordinating schedules, deliverables, and cross-team efforts in cybersecurity projects
- Technical Analysis & Reporting – 3+ years conducting risk assessments and translating technical data into actionable recommendations
- AI & Data Analytics in Cybersecurity – 1+ years applying machine-learning or AI tools to support vulnerability detection and prioritization
- Collaboration & Teamwork – 3+ years working effectively across engineering, operations, and leadership teams
- Must have Secret Clearance
- MRT-C Mission Mapping & Prioritization – Hands-on experience applying the MRT-C framework to align cyber risks with mission workflows
- Data Fusion & Analysis – Leveraging MARMS, MADSS, SMADS, AFCAMS, CRMT, Dagger, or similar tools to aggregate and analyze multi-source cyber/mission data
- Supply Chain Risk Management – Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture
- eMASS / Asset Management – Managing assets, controls, and evidence in eMASS or equivalent GRC systems
- Risk Quantification & Dependency Mapping – Translating vulnerability findings into business/mission-impact metrics and mapping “what supports what”
- Assessment Gap Analysis – Identifying blind spots in current assessment scopes and recommending coverage extensions
- Mitigation Prioritization & Redirecting – Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve
- AI-Enabled Cyber Risk Tools – Applying AI/ML-based risk-management platforms to enhance detection, forecasting, and “digital twin” simulations
- Data Collection & Reporting Automation – Designing scripts or workflows (e.g., Python, PowerShell, Ansible) to streamline data gathering and dashboard generation