Talent.com
Cybersecurity Risk Assessment Consultant

Cybersecurity Risk Assessment Consultant

GDR DefenseAnnapolis, MD, United States
8 hours ago
Job type
  • Full-time
  • Quick Apply
Job description

"Join GD Resources for dynamic opportunities in business management and IT, where innovation meets excellence."

About the Company :

GD Resources is a Veteran Women-Owned Business Management and Information Technology company committed to excellence. GD Resources provides dynamic opportunities for veterans and professionals alike to contribute to innovative projects and drive success in a collaborative and supportive environment. Join us to make a difference, advance your career, and grow with a company that values integrity, diversity, and continuous improvement.

Job Title : Cybersecurity Risk Assessment Consultant

Location : Hybrid (onsite work possibly at various locations throughout Maryland)

Rate : Competitive, DOE (W2 or 1099)

Position Overview

We are seeking a Cybersecurity GRC Data & Dashboard Consultant to support follow-on work from approximately 90 completed cybersecurity assessments for a client. The consultant will transform assessment results into structured data, dashboards, and reports that align with NIST CSF, CMMI maturity scoring, and the client's Governance, Risk, and Compliance (GRC) platform (e.g., ServiceNow GRC). This role is ideal for someone with strong cybersecurity domain knowledge, GRC platform experience, and hands-on skills in data analytics and dashboard development. The consultant will help build real-time, interactive views of client-wide and agency-level cybersecurity maturity, risks, issues, and remediation progress to support executive decision-making and continuous improvement.

Responsibilities

  • Convert all assessment results into a format compatible with the client's GRC platform import requirements.
  • Prepare and manage key data outputs, including assessment scope, maturity scores (CMMI 0 5 by NIST CSF function / category / control), findings, risks, issues, and recommended remediation actions.
  • Provide data files and reports in Client-specified formats and offer reasonable technical assistance to support successful import into the Client's GRC platform.
  • Incorporate agency issue response status data from the Client's GRC platform into reporting and analysis, as needed.
  • Design, develop, and maintain real-time reporting dashboards using cybersecurity assessment data at both client-wide (aggregated) and agency (disaggregated) levels.
  • Build dashboards that show :

Top control categories by maturity

  • Most common constraints
  • Top recommended areas of improvement
  • CMMI-based maturity levels (0 5) across Identify, Protect, Detect, Respond, and Recover
  • Top findings, risks, issues, and issue response by agency
  • Ensure all dashboards are interactive, allowing users to drill down into underlying assessment data behind summary metrics.
  • Implement robust filters in dashboards to support targeted analysis, including filters for : Executive Branch designation, enterprise agency, agency size tier, IT complexity tier, and overall Maturity Group.
  • Build agency-level dashboards that :

    • Display average maturity scores by NIST CSF area compared against client-wide averages using side-by-side bar charts

  • Show maturity averages by CSF categories (e.g., Communications, Maintenance, Access Control) compared to client-wide averages
  • Highlight recommended areas of improvement, top 10 findings, and percent completion of identified issues
  • Create comparison dashboards that allow users to select one or more agencies and compare ratings and metrics across NIST CSF areas and categories.
  • Integrate historical NIST CSF assessment data from prior years into dashboards to show year-over-year trends at both agency and client-wide levels.
  • Ensure all required data entry is completed before final project close-out unless an exception is approved by the client.
  • Provide reasonable technical assistance to support ongoing imports and integration into the Client's GRC platform.
  • Participate in weekly status meetings with client stakeholders.
  • Prepare concise written status updates on a bi-weekly basis and join additional meetings / discussions as needed.
  • Maintain and follow quality procedures, methodologies, and standards relevant to this contract, including those associated with Client platforms such as ServiceNow GRC.

    • Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Data Analytics, or related field (or equivalent experience).
  • 5+ years of experience in cybersecurity, GRC, or risk management roles supporting government or large enterprise environments.
  • Hands-on experience working with NIST Cybersecurity Framework (NIST CSF) and familiarity with NIST 800-53 and / or NIST 800-171 controls.
  • Experience with CMMI-style maturity scoring (0 5) and translating assessment results into structured data and reports.
  • Practical experience with Governance, Risk, and Compliance (GRC) platforms, preferably ServiceNow GRC or similar Client / enterprise platforms.
  • Strong skills in data analysis and dashboard / report development using tools such as Power BI, Tableau, or similar visualization platforms.
  • Proven ability to design interactive dashboards with drill-down and filter capabilities for different organizational tiers (e.g., client-wide vs. agency-level).
  • Experience integrating and analyzing historical assessment data to present trends and performance changes over time.
  • Strong attention to detail and ability to ensure data quality, consistency, and completeness prior to project close-out.
  • Excellent written and verbal communication skills, including experience preparing status reports and presenting findings to technical and non-technical stakeholders.
  • Demonstrated commitment to ongoing training and staying current with cybersecurity standards, tools, and assessment methodologies.
  • Ability to participate in weekly calls and other meetings during standard business hours and collaborate effectively with a remote, multi-organization team.

    • GDR is an Equal Opportunity Employer. We consider all qualified applicants without regard to race, color, religion, sex, gender identity, national origin, age, disability, veteran status, or any other protected status under applicable law. We are committed to equal opportunity in all aspects of employment, including hiring, promotion, compensation, and benefits.

    Create a job alert for this search

    Cybersecurity Consultant • Annapolis, MD, United States

    Related jobs
    • Promoted
    • New!
    Manager, Technology Risk Guide - Enterprise Services Risk

    Manager, Technology Risk Guide - Enterprise Services Risk

    Capital OneAnnapolis, MD, US
    Full-time +1
    Manager, Technology Risk Guide - Enterprise Services Risk.The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled...Show moreLast updated: 3 hours ago
    • Promoted
    Identity Access Management (IAM) Manager - Cyber Security - Bowie, MD

    Identity Access Management (IAM) Manager - Cyber Security - Bowie, MD

    WesBanco Bank Inc.Bowie, MD, United States
    Full-time
    Identity Access Management (IAM) Manager - Cyber Security.Bowie, Maryland, United States.This position is 100% remote within the Bank's footprint. Employee will work full time remote outside of a We...Show moreLast updated: 19 days ago
    • Promoted
    Manager, Network Security, Tech & Data Risk Management

    Manager, Network Security, Tech & Data Risk Management

    Capital OneBaltimore, MD, US
    Full-time +1
    Manager, Network Security, Tech & Data Risk Management.Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers.We are serious about ...Show moreLast updated: 30+ days ago
    • Promoted
    Insider Threat Program User Activity Monitor Engineer

    Insider Threat Program User Activity Monitor Engineer

    LeidosUpper Marlboro, MD, US
    Full-time
    The Digital Modernization Sector at Leidos currently has an opening for User Activity Monitor (UAM) Engineer supporting the HEITS Contract as part of the Department of Homeland Security (DHS) Insid...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Consultant - Technology, Cybersecurity - Campus 2026 (Hiring Immediately)

    Consultant - Technology, Cybersecurity - Campus 2026 (Hiring Immediately)

    GuidehouseHANOVER, MD, US
    Part-time
    Cyber Consulting (Digital), Technology Consulting.Ability to Obtain Public Trust.OurConsultants help our clients improve their business processes, internal controls, operating efficiency, transpare...Show moreLast updated: 16 hours ago
    Risk Solutions Expert

    Risk Solutions Expert

    The Strickland GroupBaltimore, MD, US
    Full-time
    Quick Apply
    Join Our Team as a Risk Solutions Expert!.Are you a problem-solver with a passion for optimizing business operations and driving efficiency?. We are looking for a Risk Solutions Expert to deve...Show moreLast updated: 30+ days ago
    • Promoted
    Director Patient Care Services Operations

    Director Patient Care Services Operations

    University of Maryland Medical SystemEaston, MD, US
    Full-time
    A member of the University of Maryland Medical System, Shore Regional Health is a Magnet®-designated facility.At Shore Regional Health, you can learn, grow and make a lasting impact on patients...Show moreLast updated: 8 days ago
    • Promoted
    Director, Business Risk Guide- Enterprise Services Risk Office

    Director, Business Risk Guide- Enterprise Services Risk Office

    Capital OneAnnapolis, MD, US
    Full-time +1
    Director, Business Risk Guide- Enterprise Services Risk Office.We are hiring! The Enterprise Services Business Risk Office provides risk management support to several lines of business including : B...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Cybersecurity Assessments Lead

    Cybersecurity Assessments Lead

    CompQsoftFort Meade, MD, United States
    Full-time
    Position : Cybersecurity Assessments Lead.Clearance : Top Secret, SCI eligible.Determines enterprise IA and security standards. Develops and implements IA / security standards and procedures.Coordinates...Show moreLast updated: 3 hours ago
    • Promoted
    Principal Risk Associate | Retail Bank Tech

    Principal Risk Associate | Retail Bank Tech

    Capital OneAnnapolis, MD, US
    Full-time +1
    Principal Risk Associate | Retail Bank Tech.The Principal Associate within the Tech, Cyber, Data, and Resiliency (TCDR) team will strategically apply analytical expertise to proactively identify, m...Show moreLast updated: 27 days ago
    • Promoted
    Senior Manager - Global Payment Network Information Security Office (ISO) Consultant

    Senior Manager - Global Payment Network Information Security Office (ISO) Consultant

    Capital OneAnnapolis, MD, US
    Full-time +1
    Senior Manager - Global Payment Network Information Security Office (ISO) Consultant.At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information ...Show moreLast updated: 30+ days ago
    • Promoted
    Insider Threat Program User Activity Monitor Sustainment Lead

    Insider Threat Program User Activity Monitor Sustainment Lead

    LeidosUpper Marlboro, MD, US
    Full-time
    The Digital Modernization Sector at Leidos currently has an opening for a User Activity Monitor (UAM) Sustainment Lead supporting the HEITS Contract as part of the Department of Homeland Security (...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Risk Management Framework (RMF) Cyber Expert

    Risk Management Framework (RMF) Cyber Expert

    Link SolutionsAberdeen Proving Ground, MD, United States
    Full-time
    Information Technology services to government clients in support of critical mission needs.Delivering a broad range of Infrastructure Operations, Application Development, Cybersecurity, Virtualizat...Show moreLast updated: 3 hours ago
    • Promoted
    • New!
    Principal Associate, Business Risk Guide- Enterprise Services Risk Office

    Principal Associate, Business Risk Guide- Enterprise Services Risk Office

    Capital OneBaltimore, MD, US
    Full-time +1
    Principal Associate, Business Risk Guide- Enterprise Services Risk Office.We are hiring! The Enterprise Services Business Risk Office provides risk management support to several lines of business i...Show moreLast updated: 3 hours ago
    • Promoted
    • New!
    Consultant - Technology, Cybersecurity - Campus 2026

    Consultant - Technology, Cybersecurity - Campus 2026

    GuidehouseHanover, Maryland, US
    Full-time
    Job Family : Cyber Consulting (Digital), Technology Consulting.If you want to know about the requirements for this role, read on for all the relevant information. Clearance Required : Ability to Obt...Show moreLast updated: 4 hours ago
    • Promoted
    Director, Enterprise Risk

    Director, Enterprise Risk

    JCW GroupBaltimore, MD, United States
    Full-time
    This job opportunity is with JCW Group.The Director of Enterprise Risk will report to the Chief Risk Officer, oversee a team of seven, and work four days per week from Bethesda.Direct message the j...Show moreLast updated: 7 days ago
    • Promoted
    • New!
    Cyber SDC - Attack & Penetration - Senior - Consulting - Location OPEN

    Cyber SDC - Attack & Penetration - Senior - Consulting - Location OPEN

    EYAnnapolis, MD, United States
    Full-time
    At EY, we’re all in to shape your future with confidence.We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.Join EY and help ...Show moreLast updated: 3 hours ago
    • Promoted
    Senior Manager, Technology Change Risk Oversight

    Senior Manager, Technology Change Risk Oversight

    Capital OneAnnapolis, MD, US
    Full-time +1
    Senior Manager, Technology Change Risk Oversight.Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology...Show moreLast updated: 30+ days ago