Cybersecurity Consultant

Location

Irving, TX

Work Model

Onsite

Employment Type

Contract

Duration

13 Months

Job Summary

We are seeking an experienced Cybersecurity Consultant to support enterprise cyber risk management initiatives. The ideal candidate will have strong expertise in cyber risk, IT risk, and information security governance, with the ability to communicate complex technical risks to senior leadership in business terms.

This role will be responsible for maintaining cyber risk registers, performing qualitative risk assessments, evaluating control effectiveness, supporting remediation activities, and contributing to the ongoing enhancement of the organization''s cyber risk management program.

Responsibilities

• Facilitate risk acceptance and risk awareness discussions with senior leadership and key stakeholders.

• Translate technical cybersecurity risks into business-focused risk language and actionable recommendations.

• Develop executive-level presentations and reporting materials for leadership review.

• Maintain and manage the cyber risk register, including tracking remediation efforts, risk acceptance decisions, and risk status updates.

• Perform qualitative risk assessments using scenario-based methodologies to evaluate likelihood and business impact.

• Assess control effectiveness and compensating controls and provide risk-based recommendations.

• Support cyber risk management program design, implementation, and continuous improvement initiatives.

• Partner with business, technology, and security teams to identify, assess, and mitigate cyber risks.

• Monitor and report on risk trends, remediation progress, and emerging threats.

Required Education

Option 1

• Bachelor''s Degree and 5+ years of relevant experience in Cyber Risk, IT Risk, Information Security Risk, or related disciplines.

Option 2

• No degree required with a minimum of 7+ years of relevant experience in Cyber Risk, IT Risk, Information Security Risk, or related disciplines.

Required Certifications

One or more of the following certifications is strongly preferred:

• CISSP (Certified Information Systems Security Professional)

• CISA (Certified Information Systems Auditor)

• CISM (Certified Information Security Manager)

• CRISC (Certified in Risk and Information Systems Control)

Required Skills & Experience

• 5+ years of experience in Cyber Risk, IT Risk, Information Security Risk, or Governance, Risk & Compliance (GRC).

• Experience working within consulting organizations or Big 4 environments preferred.

• Strong communication, presentation, and stakeholder management skills.

• Ability to communicate technical cybersecurity concepts in business-focused language.

• Hands-on experience managing cyber risk registers and remediation tracking processes.

• Understanding of information systems, security controls, vulnerabilities, threats, and risk scenarios.

• Strong organizational skills with the ability to manage multiple priorities and stakeholder expectations.

• Experience supporting cyber risk management programs, governance initiatives, or process improvement efforts.

Preferred Skills

• Experience performing qualitative cybersecurity risk assessments.

• Familiarity with FAIR (Factor Analysis of Information Risk) methodology.

• Working knowledge of:

  • NIST Cybersecurity Framework

  • ISO 27001

  • Other industry-standard security frameworks

• Experience with ServiceNow IRM, Archer, or similar GRC platforms.

• Experience evaluating control effectiveness and compensating controls.

• Background in financial services, banking, healthcare, insurance, or highly regulated industries.

Key Competencies

• Cyber Risk Management

• Information Security Governance

• Risk Assessment & Analysis

• Risk Register Management

• Risk Remediation Tracking

• Executive Reporting

• Control Effectiveness Reviews

• GRC Programs

• Stakeholder Engagement

• Process Improvement

Preferred Candidate Profile

The ideal candidate will possess a strong blend of cybersecurity risk expertise, governance experience, executive communication skills, and hands-on experience supporting enterprise risk management programs. Experience with NIST, ISO 27001, risk registers, remediation tracking, and GRC platforms such as ServiceNow IRM will be highly valued.