Cyber Risk Strategist & Assessor

About The Position

Requirements

• 5+ years of experience executing e nga gements in Cyber Risk Management, Third-Party Risk Management ( TPRM ) , Supply Chain Risk Management ( SCRM ) , Technology Risk Management ( TRM ) , or GRC Programs, including delivering results to C-level executives and Director-level stakeholders
• 5+ years of experience executing cybersecurity assessments against industry-standard frameworks such as NIST CSF, NIST 800-53, CIS Critical Security Controls, and ISO 27001 and identifying root cause issues, analyzing vulnerabilities, and proposing threat and risk-aligned mitigations that materially enhance organizational cyber resilience and improve the security risk posture
• 3+ years of experience implementing or auditing third-party risk management programs in accordance with industry frameworks such as NIST SP 800-161
• 3+ years of experience evaluating and managing third-party relationships throughout their lifecycle, including onboarding and due diligence, assessment of risk, risk mitigation and remediation, continuous monitoring, and offboarding
• Experience evaluating and implementing controls aligned with regulatory frameworks such as GDPR, CCPA, CPRA, and state-based legislation, including HIPAA or PCI DSS
• Experience with project management, including delivering results within specified timelines and budget s and on cross-functional e nga gement teams
• Knowledge of cyber threat modeling and risk management frameworks and met hodologies such as FAIR, NIST RMF, COBIT, MITRE ATT & CK, PASTA, or STRIDE
• Knowledge of technology and cybersecurity functions such as asset management, identity and access management, cloud security, network security, security operations, or incident response and technologies such as SIEM, EDR, IPS / IDS, SAST, DAST, CASB / DLP, CSPM, or CWPP
• Bachelor’s degree
• U.S. citizenship is required

Nice To Haves

• Experience communicating complex technical ideas to broad audiences across all organizational levels, including executives such as board members, CEOs, CFOs, CTOs, and CISOs, via white papers, assessment reports, and briefs
• Experience with application security or product security, including using DevOps, DevSecOps, and SDLC
• Experience with cloud assessment met hodologies, including utilizing built-in processes for assessing native cloud services, and with optimizing cloud infrastructure for efficiency, security, and cost-effectiveness
• Experience with Windows or Linux system administration, including managing and securing operating systems effectively
• Experience administering and assessing network devices and security, including routers, switches, firewalls, and int rus ion detection or prevention systems
• Knowledge of SOC or threat hunting, including threat modeling and analysis
• Knowledge of emerging topics, including regulations, industry practices, and new technologies, including AI, Cyber Risk Quantification ( CRQ ) , and Zero-T rus t Architecture ( ZTA )
• Ability to identify technology vulnerabilities using both manual and automated processes, including automated compliance and vulnerability scanners and system configuration reviews such as CIS Benchmarks or DISA STIGS
• Master’s degree in Information Technology, Cybersecurity, Computer Science, Systems Engineering, or Security Policy
• CISSP, CGRC, CRISC, CEH, GSEC, CISM, CISA, COBIT 5, FAIR, MITRE ATT & CK, OSCP, Certified Incident Handler ( GCHI ) , GIAC Enterprise Incident Response ( GEIR ) , or MITRE Threat Hunting Certification

Responsibilities

• Lead portions of client delivery and execution with a growing team of Cyber Assessors, Cyber Strategists, Threat & Risk Modelers, and Risk Management professionals.
• Refine and apply Booz Allen’s cyber capabilities and solutions to address each client’s strategic, operational, and regulatory assessment and risk advisory needs.
• Lead the identification and assessment of programmatic gaps, technical vulnerabilities, and risks to client systems and environments using qualitative and quantitative approaches.
• Work with clients to develop risk mitigation strategies, identify areas for systemic improvement, and build long-term strategies to ensure assets are secure, and internal and external compliance requirements are addressed.
• Evaluate the completeness and effectiveness of risk governance and risk management programs across multiple risk domains in executing the risk management lifecycle.
• Work with clients to write risk policy , standards, processes, and procedures, develop risk and performance indicators, design operating models, develop cost models in Excel, and configure eGRC platforms to execute a Risk Management Framework.
• Work with Account Managers and Capability or Market leaders to build relationships with clients and identify future opportunities for capturing strategic clients.
• Contribute to or lead work capture activities, including facilitating sales meetings, resp ond ing to Request for Proposals ( RFPs ) , constructing bespoke project approaches, authoring proposals and Statements of Work ( SOW ) , and designing staffing approaches.
• Provide leadership and support for a growth-minded business that seeks to continuously evolve and incorporate new techniques and technologies to deliver differentiated and industry-leading capabilities for clients.
• Partner with our other delivery teams to design, build, and deliver integrated solutions to the market.

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program