IBM
Cybersecurity Risk/Mission Assurance Control Systems Cybersecurity Consultant -
IBM, Washington, District of Columbia, us, 20022
Introduction
A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.
Your role and responsibilities
The Junior Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply foundational technical skills to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. Working under senior guidance, this role assists in risk-based assessments of OT/ICS environments, gathers and analyzes vulnerability data, contributes to draft reports and briefings, and helps coordinate mitigation planning. The consultant will ensure alignment with NIST CSF, DoD guidance, and Air Force policies while gaining hands-on experience with emerging AI and data-analysis tools to enhance mission assurance.
Support Mission Mapping & Prioritization (25%) Assist senior consultants in system- and mission-mapping activities to align cybersecurity tasks with critical mission requirements.
Assist Risk Assessment & Analysis (25%) Collect vulnerability data and help perform preliminary assessments of SCADA, ICS, and related OT environments.
Draft Reports & Briefings (20%) Prepare slide decks, status reports, and data visualizations summarizing risk findings and recommended next steps.
Coordinate Stakeholder Workshops (15%) Schedule meetings, document action items, and track follow-up with cross-functional teams to plan mitigation actions.
Maintain Compliance Documentation (15%) Update control matrices, evidence records, and GRC tool entries to ensure adherence to NIST CSF and DoD/Air Force policies
Required technical and professional expertise
Risk Management & Mission Assurance - 1-3 years assisting with NIST RMF or mission-assurance efforts in DoD or critical-infrastructure contexts
OT/ICS Cybersecurity Fundamentals - 1-3 years supporting security tasks for SCADA, ICS, or related operational-technology systems
Vulnerability Analysis & Mission Mapping - 1-3 years helping develop risk frameworks that link cyber findings to mission impact
Technical Communication - 1-3 years drafting concise summaries, status updates, and slide decks for technical and non-technical audiences
Cybersecurity Compliance Basics - 1-3 years applying NIST CSF controls, DoD instructions, or Air Force policy requirements
Collaboration & Team Support - 1-3 years working within cross-functional teams, coordinating meetings and follow-up actions
Data Collection & Analysis - 1-3 years using Excel or basic scripting to compile, filter, and visualize assessment data
Project Coordination - 1-3 years tracking schedules, deliverables, and action items in cybersecurity or IT projects
Must have Secret Clearance
Preferred technical and professional experience
MRT-C Mission Mapping & Prioritization - Hands-on exposure to the MRT-C framework in mission-assurance tasks
Data Fusion & Analysis Tools - Familiarity with A3 Mission Assurance, MARMS, MADSS, SMADS, AFCAMS, CRMT, or Dagger
eMASS / Asset Management - Experience entering controls and evidence into eMASS or equivalent GRC systems
Supply Chain Risk Awareness - Understanding of how vendor/component vulnerabilities affect overall risk posture
Risk Quantification & Dependency Mapping - Translating basic vulnerability data into "what supports what" diagrams
Assessment Gap Identification - Spotting unassessed areas and proposing scope extensions
AI-Enabled Cyber Risk Tools - Awareness of AI/ML platforms for detection, forecasting, or "digital twin" simulations
Scripting for Automation - Entry-level Python, PowerShell, or Ansible skills to streamline data gathering and reporting
ICS Protocol Familiarity - Basic knowledge of Modbus, DNP3, or OPC communication security
Visualization & Reporting - Exposure to PowerBI, Splunk, or similar tools for dashboard creation
Certification Pursuit - Progress toward CISSP, CISM, GICSP, or related credentials
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.
Your role and responsibilities
The Junior Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply foundational technical skills to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. Working under senior guidance, this role assists in risk-based assessments of OT/ICS environments, gathers and analyzes vulnerability data, contributes to draft reports and briefings, and helps coordinate mitigation planning. The consultant will ensure alignment with NIST CSF, DoD guidance, and Air Force policies while gaining hands-on experience with emerging AI and data-analysis tools to enhance mission assurance.
Support Mission Mapping & Prioritization (25%) Assist senior consultants in system- and mission-mapping activities to align cybersecurity tasks with critical mission requirements.
Assist Risk Assessment & Analysis (25%) Collect vulnerability data and help perform preliminary assessments of SCADA, ICS, and related OT environments.
Draft Reports & Briefings (20%) Prepare slide decks, status reports, and data visualizations summarizing risk findings and recommended next steps.
Coordinate Stakeholder Workshops (15%) Schedule meetings, document action items, and track follow-up with cross-functional teams to plan mitigation actions.
Maintain Compliance Documentation (15%) Update control matrices, evidence records, and GRC tool entries to ensure adherence to NIST CSF and DoD/Air Force policies
Required technical and professional expertise
Risk Management & Mission Assurance - 1-3 years assisting with NIST RMF or mission-assurance efforts in DoD or critical-infrastructure contexts
OT/ICS Cybersecurity Fundamentals - 1-3 years supporting security tasks for SCADA, ICS, or related operational-technology systems
Vulnerability Analysis & Mission Mapping - 1-3 years helping develop risk frameworks that link cyber findings to mission impact
Technical Communication - 1-3 years drafting concise summaries, status updates, and slide decks for technical and non-technical audiences
Cybersecurity Compliance Basics - 1-3 years applying NIST CSF controls, DoD instructions, or Air Force policy requirements
Collaboration & Team Support - 1-3 years working within cross-functional teams, coordinating meetings and follow-up actions
Data Collection & Analysis - 1-3 years using Excel or basic scripting to compile, filter, and visualize assessment data
Project Coordination - 1-3 years tracking schedules, deliverables, and action items in cybersecurity or IT projects
Must have Secret Clearance
Preferred technical and professional experience
MRT-C Mission Mapping & Prioritization - Hands-on exposure to the MRT-C framework in mission-assurance tasks
Data Fusion & Analysis Tools - Familiarity with A3 Mission Assurance, MARMS, MADSS, SMADS, AFCAMS, CRMT, or Dagger
eMASS / Asset Management - Experience entering controls and evidence into eMASS or equivalent GRC systems
Supply Chain Risk Awareness - Understanding of how vendor/component vulnerabilities affect overall risk posture
Risk Quantification & Dependency Mapping - Translating basic vulnerability data into "what supports what" diagrams
Assessment Gap Identification - Spotting unassessed areas and proposing scope extensions
AI-Enabled Cyber Risk Tools - Awareness of AI/ML platforms for detection, forecasting, or "digital twin" simulations
Scripting for Automation - Entry-level Python, PowerShell, or Ansible skills to streamline data gathering and reporting
ICS Protocol Familiarity - Basic knowledge of Modbus, DNP3, or OPC communication security
Visualization & Reporting - Exposure to PowerBI, Splunk, or similar tools for dashboard creation
Certification Pursuit - Progress toward CISSP, CISM, GICSP, or related credentials
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.