IBM

Cybersecurity Assessments/Mitigations Control Systems Cybersecurity Consultant

IBM, Washington, District of Columbia, US, 20022

Introduction

A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.

Your role and responsibilities

The Assessments & Mitigations Control Systems Cybersecurity Consultant will apply 3-5 years of hands-on experience to manage and perform execution oversight of a broad range of cybersecurity assessments, spanning Mission Assurance, Energy Resilience Readiness Exercises (ERRE), Cyber Resilience Readiness Exercises (CRRE), and Defense Critical Infrastructure (DCI) evaluations. This mid-tier consultant will design and lead assessment engagements, develop targeted mitigation and recovery strategies, and ensure workforce roles and certifications align with assessment and response requirements. The role requires strong analytical skills, thorough risk-evaluation expertise, and effective stakeholder collaboration to continuously strengthen mission-critical cyber resilience.

Lead Cybersecurity Assessments (25%) Plan and perform oversight of execution of Mission Assurance, ERRE, CRRE, and DCI assessments, defining scope, objectives, and success criteria.

Develop & Coordinate Mitigations (25%) Based on assessment outcomes, design remediation plans, assign responsibilities, and track implementation through completion.

Align Workforce Roles & Certifications (15%) Evaluate team competencies, recommend training paths, and ensure personnel hold required DoD/industry certifications.

Analysis, Reporting & Briefings (20%) Produce comprehensive reports, risk dashboards, and deliver briefings to senior stakeholders on findings and recovery status.

Required technical and professional expertise

Cybersecurity Assessment & Risk Evaluation - Leading RMF-style assessments, tabletop exercises, and infrastructure evaluations

Mission Assurance Testing - Execution oversight of assessments that map cyber vulnerabilities to mission-critical functions

ERRE/CRRE Process Management - Planning, conducting, and reporting on Energy/Cyber Resilience Readiness Exercises

DCI Assessment Expertise - Evaluating and prioritizing risks to Defense Critical Infrastructure systems

Mitigation Strategy Development - Designing and coordinating response and recovery plans based on assessment findings

Analytical Reporting - Producing detailed technical reports and executive summaries on risk posture and mitigation effectiveness

Stakeholder Facilitation - Leading cross-functional workshops, documenting action items, and driving closure of findings

Workforce Certification Alignment - Mapping cybersecurity job roles to required DoD and industry certifications

Must have DoD US Secret Clearance

Preferred technical and professional experience

Automated Assessment Tools - Using scripting (Python, PowerShell) or platforms (Nessus, SCAP) to streamline vulnerability scanning

Data Fusion & Visualization - Building dashboards (Splunk, ELK, PowerBI) to correlate assessment data and track metrics

Supply Chain Risk Management - Incorporating third-party and component risks into overall assessment scope

eMASS / GRC Systems - Populating controls, evidence, and POA&Ms in eMASS or equivalent governance tools

Digital-Twin Modeling - Applying "digital twin" frameworks to simulate control-system resilience scenarios

Incident Response Coordination - Supporting playbook creation and after-action reviews for assessed vulnerabilities

Cloud/Edge OT Security - Assessing resilience of OT assets integrated with AWS, Azure, or edge-computing platforms

Professional Certification Pursuit - Progress toward CISSP, CISM, GICSP, or similar credentials

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.