Senior Cybersecurity Risk & Compliance Consultant

About The Position

Requirements

• An ACTIVE and MAINTAINED SECRET federal security clearance.
• Bachelor’s Degree and SEVEN (7) years of relevant cybersecurity experience, OR a Master’s Degree and FIVE (5) years of relevant experience.
• Excellent verbal and written communication skills, specifically in report writing.
• One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Authorization Professional (CAP) / Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Auditor (CISA), ISC2 Zero Trust Strategy Certificate.

Nice To Haves

• Experience consulting at federal agencies such as the Department of State on cybersecurity audits and/or IT controls.
• Demonstrated experience in the areas of external client-facing management and/or consulting for large firms.

Responsibilities

• Lead or support the development and execution of cybersecurity strategies aligned with ISCM, IT and Cyber audit, or Data Security teams.
• Oversee the ISCM technical architecture, ensuring proper implementation of monitoring, detection, and reporting tools.
• Ensure all ISCM activities adhere to federal cybersecurity standards and requirements, including FISMA, NIST Special Publications (especially SP 800-53 and SP 800-137), and DHS Continuous Diagnostics and Mitigation (CDM) initiatives.
• Support the development of the overall technology and cybersecurity program to deliver against strategic objectives.
• Evaluate cybersecurity program effectiveness in identifying, managing, and reducing risk.
• Provide coordinated support for all aspects of the audit process, from initial scoping and planning to final reporting and remediation.
• Review audit plans to assess the adequacy of security controls designed to protect against threats and vulnerabilities.
• Support the development and implementation of Zero Trust data protection strategies, including encryption, tokenization, and data masking techniques to secure sensitive government data across networks and repositories.
• Design and support the management of identity-centric access controls, defining granular permissions and enforcing least privilege access to government data, aligning Zero Trust principles.
• Conduct risk assessments and continuous monitoring activities to identify, manage, and mitigate cyber risks.
• Coordinate and support internal and external audits, including scoping, planning, reporting, and remediation.
• Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, SP 800-137, SP 800-171, SP 800-60, SP 1800-39A, and FIPS 199.
• Develop and maintain cybersecurity policies, procedures, and documentation.
• Track and report key performance indicators (KPIs) and metrics to demonstrate control effectiveness and compliance status.
• Provide expert guidance to system owners, analysts, and leadership on cybersecurity best practices.
• Present complex findings and recommendations to technical and executive audiences.
• Collaborate with internal teams and external stakeholders, including federal agencies such as CISA and the Department of State.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Position may be eligible for a discretionary variable incentive bonus
• Parental Leave and Adoption Assistance
• 401(k) Retirement Plan
• Basic Life & Supplemental Life
• Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
• Short-Term & Long-Term Disability
• Student Loan PayDown
• Tuition Reimbursement, Personal Development & Learning Opportunities
• Skills Development & Certifications
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Emergency Back-Up Childcare Program
• Mobility Stipend