Job Details
Job Title: Cybersecurity Risk Assessment Consultant
Location: Hybrid (onsite work possibly at various locations throughout Maryland) Annapolis, MD
Position Overview
We are seeking a Cybersecurity GRC Data & Dashboard Consultant to support follow-on work from approximately 90 completed cybersecurity assessments for a client. The consultant will transform assessment results into structured data, dashboards, and reports that align with NIST CSF, CMMI maturity scoring, and the client's Governance, Risk, and Compliance (GRC) platform (e.g., ServiceNow GRC). This role is ideal for someone with strong cybersecurity domain knowledge, GRC platform experience, and hands-on skills in data analytics and dashboard development. The consultant will help build real-time, interactive views of client-wide and agency-level cybersecurity maturity, risks, issues, and remediation progress to support executive decision-making and continuous improvement.
Responsibilities
- Convert all assessment results into a format compatible with the client's GRC platform import requirements.
- Prepare and manage key data outputs, including assessment scope, maturity scores (CMMI 0-5 by NIST CSF function/category/control), findings, risks, issues, and recommended remediation actions.
- Provide data files and reports in Client-specified formats and offer reasonable technical assistance to support successful import into the Client's GRC platform.
- Incorporate agency issue response status data from the Client's GRC platform into reporting and analysis, as needed.
- Design, develop, and maintain real-time reporting dashboards using cybersecurity assessment data at both client-wide (aggregated) and agency (disaggregated) levels.
- Build dashboards that show:
  - Top control categories by maturity
  - Most common constraints
  - Top recommended areas of improvement
  - CMMI-based maturity levels (0-5) across Identify, Protect, Detect, Respond, and Recover
  - Top findings, risks, issues, and issue response by agency
- Ensure all dashboards are interactive, allowing users to drill down into underlying assessment data behind summary metrics.
- Implement robust filters in dashboards to support targeted analysis, including filters for: Executive Branch designation, enterprise agency, agency size tier, IT complexity tier, and overall Maturity Group.
- Build agency-level dashboards that:
  - Display average maturity scores by NIST CSF area compared against client-wide averages using side-by-side bar charts
  - Show maturity averages by CSF categories (e.g., Communications, Maintenance, Access Control) compared to client-wide averages
  - Highlight recommended areas of improvement, top 10 findings, and percent completion of identified issues
- Create comparison dashboards that allow users to select one or more agencies and compare ratings and metrics across NIST CSF areas and categories.
- Integrate historical NIST CSF assessment data from prior years into dashboards to show year-over-year trends at both agency and client-wide levels.
- Ensure all required data entry is completed before final project close-out unless an exception is approved by the client.
- Provide reasonable technical assistance to support ongoing imports and integration into the Client's GRC platform.
- Participate in weekly status meetings with client stakeholders.
- Prepare concise written status updates on a bi-weekly basis and join additional meetings/discussions as needed.
- Maintain and follow quality procedures, methodologies, and standards relevant to this contract, including those associated with Client platforms such as ServiceNow GRC.
Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Data Analytics, or related field (or equivalent experience).
- 5+ years of experience in cybersecurity, GRC, or risk management roles supporting government or large enterprise environments.
- Hands-on experience working with NIST Cybersecurity Framework (NIST CSF) and familiarity with NIST 800-53 and/or NIST 800-171 controls.
- Experience with CMMI-style maturity scoring (0-5) and translating assessment results into structured data and reports.
- Practical experience with Governance, Risk, and Compliance (GRC) platforms, preferably ServiceNow GRC or similar Client/enterprise platforms.
- Strong skills in data analysis and dashboard/report development using tools such as Power BI, Tableau, or similar visualization platforms.
- Proven ability to design interactive dashboards with drill-down and filter capabilities for different organizational tiers (e.g., client-wide vs. agency-level).
- Experience integrating and analyzing historical assessment data to present trends and performance changes over time.
- Strong attention to detail and ability to ensure data quality, consistency, and completeness prior to project close-out.
- Excellent written and verbal communication skills, including experience preparing status reports and presenting findings to technical and non-technical stakeholders.
- Demonstrated commitment to ongoing training and staying current with cybersecurity standards, tools, and assessment methodologies.
- Ability to participate in weekly calls and other meetings during standard business hours and collaborate effectively with a remote, multi-organization team.