Title: Lead Cybersecurity Risk Assessor (NIST / State Government) Location: Remote with Travel Throughout Florida Tagged: Cyber Security, Project Based Employment Type: Contract / Project-Based Position Summary We are seeking a Lead Cybersecurity Risk Assessor to support a large-scale public-sector cybersecurity assessment initiative involving multiple government entities across the State of Florida. The selected professional will serve as the technical lead responsible for planning, conducting, and overseeing enterprise cybersecurity risk assessments aligned with NIST SP 800-30, NIST SP 800-53 Rev. 5, and cybersecurity governance frameworks. This individual will lead assessment teams, conduct executive-level interviews, evaluate organizational controls, identify security risks, and develop strategic remediation recommendations. Candidates must possess substantial experience leading cybersecurity assessments within government, education, healthcare, or highly regulated environments. Key Responsibilities - Lead cybersecurity risk assessments across multiple organizations and locations. - Evaluate administrative, technical, and operational security controls. - Conduct executive interviews and stakeholder workshops. - Review cybersecurity policies, standards, procedures, and governance frameworks. - Perform risk identification, threat analysis, vulnerability assessments, and risk scoring. - Map findings to NIST Cybersecurity Framework and NIST 800-53 control families. - Develop remediation strategies, implementation roadmaps, and risk mitigation plans. - Prepare executive briefings, technical reports, and risk assessment documentation. - Provide quality assurance oversight for assessment teams and project deliverables. Required Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field. - 10+ years of cybersecurity, risk management, or information assurance experience. - 7+ years leading enterprise cybersecurity assessments. - Demonstrated experience with NIST SP 800-30 and NIST SP 800-53. - Experience supporting state government, federal government, education, or public-sector organizations. - Strong report-writing and executive presentation skills. Preferred Certifications - CISSP - CISA - CRISC - CISM - CGEIT Candidates must be able to provide: - Detailed resume. - Descriptions of comparable cybersecurity assessment projects. - Scope, size, and complexity metrics for prior engagements. - Client references where permissible. - Examples of risk assessment methodologies utilized. - Evidence of participation in NIST-based assessment initiatives. Preferred Experience - Statewide cybersecurity assessment programs. - Education sector cybersecurity initiatives. - Government audit and compliance reviews. - Multi-site assessments involving 20+ locations. - Executive-level risk reporting and remediation planning. Job # 3714

• Understand and execute the audit process using a risk-based audit approach • Perform analysis of the process and associated risks • Develop and conduct formal testing to determine if controls are effective to mitigate or manage risks • Communicate the impact for achieving objectives • Develop recommendations and prepare a final report

Assist with network security operations, analyze and resolve vulnerability issues, generate reports, and document activities related to various security controls and technologies to ensure robust network security and compliance.

• Support security, privacy, and governance activities across the Microsoft 365 cloud suite. • Assist with data readiness planning and integration of Microsoft Purview to protect sensitive data. • Support management of user permissions, data retention, compliance settings, and enterprise policies. • Assist with documentation and management of Security Change Requests and audit logging solutions. • Support Microsoft security and cyber architecture activities related to M365 services. • Assist with security and configuration support for SharePoint Online, OneDrive for Business, Exchange Online, Teams, Power Platform, Copilot, Azure/Azure AD, Intune, and AvePoint Online Services. • Support AvePoint Online Services security capabilities, including tenant-to-tenant considerations, Splunk Enterprise integration, bring-your-own-key configurations, IP restrictions, SFTP, and related interfaces. • Collaborate with systems support staff and technical teams to identify, mitigate, and document risks. • Contribute to bi-weekly and monthly status reporting, including action items, risks, mitigations, escalations, accomplishments, and closures.