WASHINGTON, DC, 20080, USA
1 day ago
Cybersecurity Assessments/Mitigations Control Systems Cybersecurity Consultant
**Introduction**

A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.

**Your role and responsibilities**

The Assessments & Mitigations Control Systems Cybersecurity Consultant will apply 3-5 years of hands-on experience to manage and perform execution oversight of a broad range of cybersecurity assessments—spanning Mission Assurance, Energy Resilience Readiness Exercises (ERRE), Cyber Resilience Readiness Exercises (CRRE), and Defense Critical Infrastructure (DCI) evaluations. This mid-tier consultant will design and lead assessment engagements, develop targeted mitigation and recovery strategies, and ensure workforce roles and certifications align with assessment and response requirements. The role requires strong analytical skills, thorough risk-evaluation expertise, and effective stakeholder collaboration to continuously strengthen mission-critical cyber resilience.

* Lead Cybersecurity Assessments (25%) - Plan and perform oversight of execution of Mission Assurance, ERRE, CRRE, and DCI assessments—defining scope, objectives, and success criteria.
* Develop & Coordinate Mitigations (25%) - Based on assessment outcomes, design remediation plans, assign responsibilities, and track implementation through completion.
* Align Workforce Roles & Certifications (15%) - Evaluate team competencies, recommend training paths, and ensure personnel hold required DoD/industry certifications.
* Analysis, Reporting & Briefings (20%) - Produce comprehensive reports, risk dashboards, and deliver briefings to senior stakeholders on findings and recovery status.

**Required technical and professional expertise**

* Cybersecurity Assessment & Risk Evaluation - Leading RMF-style assessments, tabletop exercises, and infrastructure evaluations
* Mission Assurance Testing - Execution oversight of assessments that map cyber vulnerabilities to mission-critical functions
* ERRE/CRRE Process Management - Planning, conducting, and reporting on Energy/Cyber Resilience Readiness Exercises
* DCI Assessment Expertise - Evaluating and prioritizing risks to Defense Critical Infrastructure systems
* Mitigation Strategy Development - Designing and coordinating response and recovery plans based on assessment findings
* Analytical Reporting - Producing detailed technical reports and executive summaries on risk posture and mitigation effectiveness
* Stakeholder Facilitation - Leading cross-functional workshops, documenting action items, and driving closure of findings
* Workforce Certification Alignment - Mapping cybersecurity job roles to required DoD and industry certifications
* Must have DOD US Secret Clearance

**Preferred technical and professional experience**

* Automated Assessment Tools - Using scripting (Python, PowerShell) or platforms (Nessus, SCAP) to streamline vulnerability scanning
* Data Fusion & Visualization - Building dashboards (Splunk, ELK, PowerBI) to correlate assessment data and track metrics
* Supply Chain Risk Management - Incorporating third-party and component risks into overall assessment scope
* eMASS / GRC Systems - Populating controls, evidence, and POA&Ms in eMASS or equivalent governance tools
* Digital-Twin Modeling - Applying "digital twin" frameworks to simulate control-system resilience scenarios
* Incident Response Coordination - Supporting playbook creation and after-action reviews for assessed vulnerabilities
* Cloud/Edge OT Security - Assessing resilience of OT assets integrated with AWS, Azure, or edge-computing platforms
* Professional Certification Pursuit - Progress toward CISSP, CISM, GICSP, or similar credentials

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.