This job has closed.

Booz Allen Hamilton · 2 days ago

Cyber Risk Strategist & Assessor

McLean, VA

Full-time

Hybrid

Senior Level

$99K/yr - $225K/yr

5+ years exp

Booz Allen Hamilton is a leading consulting firm that specializes in cybersecurity and risk management. They are seeking a Cyber Risk Strategist & Assessor to collaborate with clients in assessing their cybersecurity maturity and risk posture, while leading a team to enhance security controls and risk governance. The role involves developing risk mitigation strategies and contributing to business growth through client relationship management and proposal development.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Collaborate with respected and experienced leaders and seasoned professionals

Work directly with clients to help them assess their cybersecurity maturity and risk posture

Evaluate and improve the effectiveness of security controls, risk governance, and risk management programs

Lead portions of client delivery and execution with a growing team of Cyber Assessors, Cyber Strategists, Threat & Risk Modelers, and Risk Management professionals

Refine and apply Booz Allen’s cyber capabilities and solutions to address client needs

Lead the identification and assessment of programmatic gaps, technical vulnerabilities, and risks to client systems

Work with clients to develop risk mitigation strategies and identify areas for systemic improvement

Evaluate the completeness and effectiveness of risk governance and risk management programs

Write risk policy, standards, processes, and procedures

Develop risk and performance indicators, design operating models, and develop cost models in Excel

Configure eGRC platforms to execute a Risk Management Framework

Work with Account Managers and Capability or Market leaders to build relationships with clients

Identify future opportunities for capturing strategic clients

Contribute to or lead work capture activities, including facilitating sales meetings and responding to RFPs

Construct bespoke project approaches, author proposals and Statements of Work, and design staffing approaches

Provide leadership and support for a growth-minded business that seeks to evolve and incorporate new technologies

Partner with other delivery teams to design, build, and deliver integrated solutions

Qualification

Cyber Risk ManagementThird-Party Risk ManagementCybersecurity AssessmentsRisk Management FrameworksCyber Threat ModelingRegulatory FrameworksCloud SecurityProject ManagementAnalytical SkillsCommunication SkillsTeam LeadershipProblem SolvingAdaptability

Required

5+ years of experience executing engagements in Cyber Risk Management, Third-Party Risk Management (TPRM), Supply Chain Risk Management (SCRM), Technology Risk Management (TRM), or GRC Programs, including delivering results to C-level executives and Director-level stakeholders

5+ years of experience executing cybersecurity assessments against industry-standard frameworks such as NIST CSF, NIST 800-53, CIS Critical Security Controls, and ISO 27001 and identifying root cause issues, analyzing vulnerabilities, and proposing threat and risk-aligned mitigations that materially enhance organizational cyber resilience and improve the security risk posture

3+ years of experience implementing or auditing third-party risk management programs in accordance with industry frameworks such as NIST SP 800-161

3+ years of experience evaluating and managing third-party relationships throughout their lifecycle, including onboarding and due diligence, assessment of risk, risk mitigation and remediation, continuous monitoring, and offboarding

Experience evaluating and implementing controls aligned with regulatory frameworks such as GDPR, CCPA, CPRA, and state-based legislation, including HIPAA or PCI DSS

Experience with project management, including delivering results within specified timelines and budgets and on cross-functional engagement teams

Knowledge of cyber threat modeling and risk management frameworks and methodologies such as FAIR, NIST RMF, COBIT, MITRE ATT&CK, PASTA, or STRIDE

Knowledge of technology and cybersecurity functions such as asset management, identity and access management, cloud security, network security, security operations, or incident response and technologies such as SIEM, EDR, IPS/IDS, SAST, DAST, CASB/DLP, CSPM, or CWPP

Bachelor's degree

Preferred

Experience communicating complex technical ideas to broad audiences across all organizational levels, including executives such as board members, CEOs, CFOs, CTOs, and CISOs, via white papers, assessment reports, and briefs

Experience with application security or product security, including using DevOps, DevSecOps, and SDLC

Experience with cloud assessment methodologies, including utilizing built-in processes for assessing native cloud services, and with optimizing cloud infrastructure for efficiency, security, and cost-effectiveness

Experience with Windows or Linux system administration, including managing and securing operating systems effectively

Experience administering and assessing network devices and security, including routers, switches, firewalls, and intrusion detection or prevention systems

Knowledge of SOC or threat hunting, including threat modeling and analysis

Knowledge of emerging topics, including regulations, industry practices, and new technologies, including AI, Cyber Risk Quantification (CRQ), and Zero-Trust Architecture (ZTA)

Ability to identify technology vulnerabilities using both manual and automated processes, including automated compliance and vulnerability scanners and system configuration reviews such as CIS Benchmarks or DISA STIGS

Master's degree in Information Technology, Cybersecurity, Computer Science, Systems Engineering, or Security Policy

CISSP, CGRC, CRISC, CEH, GSEC, CISM, CISA, COBIT 5, FAIR, MITRE ATT&CK, OSCP, Certified Incident Handler (GCHI), GIAC Enterprise Incident Response (GEIR), or MITRE Threat Hunting Certification