IBM

Cybersecurity Risk/Mission Assurance Control Systems Cybersecurity Consultant

IBM, Washington, District of Columbia, US, 20022

Introduction

A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.

Your role and responsibilities

The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Air Force policies, all while leveraging emerging AI and data-analysis tools to enhance mission assurance.

Mission Mapping & Prioritization (25%) - Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements.

Risk Assessment & Analysis (25%) - Conduct comprehensive vulnerability assessments of SCADA, ICS, and related OT environments, quantifying mission impact.

Strategic Briefings & Reporting (20%) - Develop and deliver clear, concise reports and executive briefings on risk findings and mitigation recommendations.

Stakeholder Collaboration (15%) - Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions.

Compliance & Governance (15%) - Ensure all cybersecurity activities adhere to NIST CSF, DoD instructions, Air Force policies, and mission-assurance standards.

Required technical and professional expertise

Risk Management & Mission Assurance - 3+ years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts

OT/ICS Cybersecurity - 3+ years securing SCADA, ICS, and other operational-technology systems

Vulnerability Prioritization & Mission Mapping - 3+ years developing risk-based frameworks that align cyber vulnerabilities to mission impact

Strategic Briefing & Communication - 3+ years delivering technical reports and briefings to mid- and senior-level stakeholders

Cybersecurity Governance & Compliance - 3+ years ensuring conformance with NIST CSF, DoD instructions, and Air Force policies

Stakeholder Engagement & Facilitation - 3+ years leading workshops and working sessions to plan risk mitigation

Project Management - 3+ years coordinating schedules, deliverables, and cross-team efforts in cybersecurity projects

Technical Analysis & Reporting - 3+ years conducting risk assessments and translating technical data into actionable recommendations

AI & Data Analytics in Cybersecurity - 1+ years applying machine-learning or AI tools to support vulnerability detection and prioritization

Collaboration & Teamwork - 3+ years working effectively across engineering, operations, and leadership teams

Must have Secret Clearance

Preferred technical and professional experience

MRT-C Mission Mapping & Prioritization - Hands-on experience applying the MRT-C framework to align cyber risks with mission workflows

Data Fusion & Analysis - Leveraging MARMS, MADSS, SMADS, AFCAMS, CRMT, Dagger, or similar tools to aggregate and analyze multi-source cyber/mission data

Supply Chain Risk Management - Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture

eMASS / Asset Management - Managing assets, controls, and evidence in eMASS or equivalent GRC systems

Risk Quantification & Dependency Mapping - Translating vulnerability findings into business/mission-impact metrics and mapping "what supports what"

Assessment Gap Analysis - Identifying blind spots in current assessment scopes and recommending coverage extensions

Mitigation Prioritization & Redirecting - Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve

AI-Enabled Cyber Risk Tools - Applying AI/ML-based risk-management platforms to enhance detection, forecasting, and "digital twin" simulations

Data Collection & Reporting Automation - Designing scripts or workflows (e.g., Python, PowerShell, Ansible) to streamline data gathering and dashboard generation

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.