Cybersecurity Risk Assessment Lead (Technical Specialist II) 2026P-0124
Ascension LLC is seeking a Cybersecurity Risk Assessment Lead / NIST CSF & GRC Subject Matter Expert (SME) to lead the execution of two enterprise-level cybersecurity risk assessments for the Maryland Judiciary.
This role is critical to the success of the engagement, serving as the primary technical authority responsible for assessing cybersecurity controls, identifying risks, and delivering executive-level insights aligned to NIST frameworks. The selected candidate will directly support the Administrative Office of the Courts (AOC) in evaluating and strengthening its cybersecurity posture across a large-scale judicial IT environment supporting approximately 5,000 users.
The ideal candidate is a hands-on cybersecurity leader with deep expertise in:
- NIST Cybersecurity Framework (CSF) 2.0
- NIST SP 800-53 and 800-171 control mapping
- Governance, Risk, and Compliance (GRC)
- Enterprise risk assessments and gap analysis
This role is best suited for a senior consultant who thrives in advisory environments, can operate independently, and can translate complex cybersecurity risks into actionable executive recommendations.
Position Summary
The Cybersecurity Risk Assessment Lead will plan, lead, and execute cybersecurity assessments using structured methodologies involving interviews, documentation reviews, and evidence validation.
This role will:
- Evaluate cybersecurity controls against NIST CSF functions (Govern, Identify, Protect, Detect, Respond, Recover)
- Perform implementation tier assessments and maturity analysis
- Conduct gap analysis and year-over-year comparison
- Map controls to NIST 800-53 and 800-171 frameworks
- Develop Executive and Technical Reports
- Deliver final presentations to senior stakeholders
The ideal candidate is:
- Detail-oriented and analytical
- Comfortable engaging both technical and executive stakeholders
- Self-driven and capable of working independently in a remote environment
- Skilled at synthesizing large amounts of information into clear findings and recommendations
This role is not tool-dependent and relies heavily on critical thinking, structured assessment methodology, and stakeholder engagement.
Day-to-Day Activities
- Lead execution of cybersecurity risk assessments aligned to NIST CSF 2.0
- Conduct stakeholder interviews with IT, security, and leadership personnel
- Review policies, procedures, and supporting documentation for control validation
- Analyze cybersecurity controls across governance, risk, and operational domains
- Perform gap analysis and identify control deficiencies
- Map controls to NIST 800-53 and 800-171 frameworks
- Evaluate CSF Implementation Tiers (Tier 1–4 maturity levels)
- Conduct year-over-year analysis using prior assessment data
- Develop and maintain assessment workbooks, matrices, and documentation
- Draft Executive Reports (risk posture, key findings, recommendations)
- Draft Technical Reports (detailed analysis, remediation roadmap)
- Present findings and recommendations to executive and technical stakeholders
- Coordinate with AOC GRC team, Project Manager, and Information Security Officer
- Track risks, issues, and mitigation strategies throughout the engagement
Job Features
Job Category: Cybersecurity, IT
Minimum Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Information Assurance, or related field
- Excellent written and verbal communication skills
- Ability to produce executive-level reports and briefings
- Strong analytical, organizational, and problem-solving skills
Required Skills
- 8–12+ years of experience in cybersecurity, risk management, or information assurance
- 5+ years of experience conducting cybersecurity risk assessments for enterprise environments
Technical Skills
- Demonstrated expertise in: NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-171
- Experience performing: Gap analysis, Risk assessments, Control validation, Maturity assessments
- Strong experience in GRC (Governance, Risk, and Compliance)
- Experience facilitating interviews, workshops, and stakeholder engagements
Desired Qualifications
- Master’s degree in Cybersecurity, Information Assurance, or related field
- Professional certifications such as: CISSP, CISM, CRISC, CISA, CAP
- Experience supporting: State or local government environments, Judicial or law enforcement systems
- Experience with CJIS, FISMA, or similar regulatory environments
- Experience working with GRC platforms (e.g., Archer, ServiceNow GRC)
- Familiarity with: Risk registers and POA&M development, Audit readiness and compliance frameworks
- Prior experience delivering cybersecurity assessments in remote environments
Suitability/Security Requirements
- Ability to pass CJIS background check (State and Federal)
- Must comply with all AOC information security policies and procedures
- Ability to handle sensitive and confidential information with integrity