Cybersecurity Gap Analyst (Temporary)

United States Court of Appeals for the Sixth Circuit•Cincinnati, OH

3d•Hybrid

About The Position

Do you enjoy performing assessments of cybersecurity programs? The United States Court of Appeals for the Sixth Circuit is seeking a Cybersecurity Gap Analyst to join our team for a temporary position starting February 23 and ending April 30, 2026. Overview of Duties The Cybersecurity Gap Analyst will perform a comprehensive assessment of our current cybersecurity program. This role will evaluate existing policies, procedures, technical controls, and organizational practices against established industry frameworks to identify gaps, risks, and recommended remediation priorities. This assessment will help inform future security initiatives, including data classification, policy development, and infrastructure hardening.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
Demonstrated experience conducting security gap assessments, control reviews, or compliance evaluations against industry standards.
Working knowledge of common cybersecurity frameworks and standards (e.g., NIST Cybersecurity Framework, ISO 27001, CIS Controls).
Strong analytical, documentation, and communication skills — capable of producing clear, executive-ready reports.
Ability to work independently, balance multiple priorities, and meet deadlines in a temporary assignment.
Familiarity with cybersecurity terminology, risk evaluation, and control implementation.

Nice To Haves

Relevant professional certifications (e.g., CISSP, CISM, CRISC, or similar).
Previous experience working with government, judicial, or public sector IT environments.
Experience with data classification initiatives and risk-based security planning.

Responsibilities

Conduct a comprehensive assessment of the organization’s current cybersecurity practices, controls, documentation, and technical environment.
Compare existing security controls and processes against a recognized industry framework (e.g., NIST Cybersecurity Framework, ISO/IEC 27001, or similar) to determine where gaps exist.
Inventory data, systems, applications, and policies relevant to security and compliance.
Evaluate current documentation, procedures, and technical measures to assess coverage, maturity, and effectiveness.
Identify deficiencies and categorize gaps according to risk impact and priority.
Engage with internal stakeholders (IT staff, leadership, and key process owners) to gather insights and context.
Produce a detailed Gap Analysis Report that outlines findings, risk implications, and practical recommendations for remediation.
Provide a Remediation Roadmap with prioritized actions, suggested timelines, and resource considerations to inform future security efforts.
Work collaboratively with IT leadership to ensure the analysis reflects practical realities and organizational constraints.