WASHINGTON, DC, 20080, USA
10 hours ago
Cybersecurity Risk/Mission Assurance Control Systems Cybersecurity Consultant - Mid
**Introduction**

A Security Consultant within Cyber Strategy & Risk specializes in implementing security solutions for clients and stakeholders, while addressing security, regulatory, risk, and compliance issues. They maintain a current understanding of industry trends and hold multiple certifications in key cyber security areas. As a trusted advisor, they lead in identifying risks and developing mitigation plans, and define business-driven security strategies and roadmaps. This role requires a professional who can effectively communicate and collaborate with various stakeholders to ensure the successful implementation of security initiatives and the achievement of business objectives.

**Your role and responsibilities**

The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer’s critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Air Force policies—all while leveraging emerging AI and data-analysis tools to enhance mission assurance.

* Mission Mapping & Prioritization (25%) Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements.
* Risk Assessment & Analysis (25%) Conduct comprehensive vulnerability assessments of SCADA, ICS, and related OT environments, quantifying mission impact.
* Strategic Briefings & Reporting (20%) Develop and deliver clear, concise reports and executive briefings on risk findings and mitigation recommendations.
* Stakeholder Collaboration (15%) Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions.
* Compliance & Governance (15%) Ensure all cybersecurity activities adhere to NIST CSF, DoD instructions, Air Force policies, and mission-assurance standards.

**Required technical and professional expertise**

* Risk Management & Mission Assurance - 3+ years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts
* OT/ICS Cybersecurity - 3+ years securing SCADA, ICS, and other operational-technology systems
* Vulnerability Prioritization & Mission Mapping - 3+ years developing risk-based frameworks that align cyber vulnerabilities to mission impact
* Strategic Briefing & Communication - 3+ years delivering technical reports and briefings to mid- and senior-level stakeholders
* Cybersecurity Governance & Compliance - 3+ years ensuring conformance with NIST CSF, DoD instructions, and Air Force policies
* Stakeholder Engagement & Facilitation - 3+ years leading workshops and working sessions to plan risk mitigation
* Project Management - 3+ years coordinating schedules, deliverables, and cross-team efforts in cybersecurity projects
* Technical Analysis & Reporting - 3+ years conducting risk assessments and translating technical data into actionable recommendations
* AI & Data Analytics in Cybersecurity - 1+ years applying machine-learning or AI tools to support vulnerability detection and prioritization
* Collaboration & Teamwork - 3+ years working effectively across engineering, operations, and leadership teams
* Must have Secret Clearance

**Preferred technical and professional experience**

* MRT-C Mission Mapping & Prioritization - Hands-on experience applying the MRT-C framework to align cyber risks with mission workflows
* Data Fusion & Analysis - Leveraging MARMS, MADSS, SMADS, AFCAMS, CRMT, Dagger, or similar tools to aggregate and analyze multi-source cyber/mission data
* Supply Chain Risk Management - Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture
* eMASS / Asset Management - Managing assets, controls, and evidence in eMASS or equivalent GRC systems
* Risk Quantification & Dependency Mapping - Translating vulnerability findings into business/mission-impact metrics and mapping "what supports what"
* Assessment Gap Analysis - Identifying blind spots in current assessment scopes and recommending coverage extensions
* Mitigation Prioritization & Redirecting - Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve
* AI-Enabled Cyber Risk Tools - Applying AI/ML-based risk-management platforms to enhance detection, forecasting, and "digital twin" simulations
* Data Collection & Reporting Automation - Designing scripts or workflows (e.g., Python, PowerShell, Ansible) to streamline data gathering and dashboard generation

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.