We are seeking Cybersecurity Governance Contractors to support an initiative focused on performing NIST Cybersecurity Framework assessments and strengthening cybersecurity governance practices. These contractors will work closely with cybersecurity, risk, compliance, and business stakeholders to assess current-state cybersecurity capabilities, identify gaps, and support the development of practical recommendations aligned to the NIST CSF.
Key Responsibilities
• Perform NIST Cybersecurity Framework assessments across relevant business and technology areas
• Lead or support discovery sessions to gather information on current cybersecurity practices, controls, and governance processes
• Understand and document current-state cybersecurity capabilities, including:
o Governance structure and cybersecurity oversight
o Risk management practices
o Policies, standards, and procedures
o Security controls and control ownership
o Incident response, detection, protection, and recovery processes
• Conduct gap assessments against NIST CSF functions, categories, and subcategories
• Document assessment findings, risks, maturity levels, and improvement opportunities
• Work with stakeholders to validate assessment results and clarify control evidence
• Support the development of remediation recommendations and cybersecurity improvement roadmaps
• Assist with reporting and presentation materials for leadership and key stakeholders
• Produce key deliverables such as:
o NIST CSF assessment reports
o Current-state and target-state maturity summaries
o Gap analysis documentation
o Risk and remediation recommendations
o Governance and compliance documentation
Required Experience
• At least of 6-8+ years of cybersecurity, risk, compliance, and governance experience
• Experience performing NIST Cybersecurity Framework assessments
• Strong understanding of cybersecurity governance, risk management, and compliance
Preferred Qualifications
• Experience with NIST CSF 2.0 or prior NIST CSF versions
• Familiarity with additional cybersecurity frameworks such as NIST 800-53, ISO 27001, CIS Controls, or COBIT
• Experience supporting enterprise cybersecurity governance programs
• Experience developing cybersecurity roadmaps, maturity assessments, or remediation plans
• Relevant certifications such as CISSP, CISM, CRISC, CISA, Security+, or equivalent