Santcore Technologies · 19 hours ago
Info Risk/Cyber Risk Management Consultant
Santcore Technologies is seeking a Senior Info Risk/Cyber Risk Management Consultant to provide specialized expertise in security risk management and technical assessment of various systems. The role involves working with Facilities and external vendors to ensure resilience against cyber threats, particularly in IoT and OT environments.
Information Technology & Services
Responsibilities
Conduct risk assessments for new and existing IoT/OT deployments, including architecture reviews, threat modeling, and control adequacy assessments
Define and assess security control requirements for IoT/OT environments, considering availability, safety, vendor constraints, and lifecycle management
Contribute to the development and maintenance of security standards, baselines, and guidelines specific to IoT and OT systems
Assess compliance with applicable security policies and standards relevant to operational technologies
Support the definition and enforcement of network segmentation, access control, monitoring, and remote access controls for OT environments
Assess cybersecurity risks associated with third-party vendors and managed service providers delivering IoT/OT solutions
Support contract reviews, security requirements definition, and exception management for OT-related services
Advise project teams, facilities management, and business stakeholders on secure design and operation of IoT/OT systems
Provide pragmatic, risk-based recommendations that balance security with operational continuity and user experience
Collaborate with security architecture, security assurance, physical security, and IT operations teams to ensure consistent risk treatment
Maintain impartiality and independence when reporting on IoT/OT security risks and control gaps
Identify opportunities to improve processes, governance, and technical controls related to operational technologies
Support awareness and training efforts to improve understanding of IoT/OT security risks among technical and non-technical stakeholders
Qualification
Required
Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience working as a technical information security risk manager or information security architect
Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 4 years of relevant experience working as a technical information security risk manager or information security architect
CISSP or CISM (minimum required)
Practical application of risk management frameworks and standards such as ISO 27001/2, ISO 27005, NIST SP 800-30, NIST CSF, COBIT, Purdue Model for ICS/OT security, NIST SP 800-82 and OT-relevant standards (e.g., IEC 62443)
Ability to embed security and risk management into project lifecycles, vendor onboarding, service management, and operational processes
Strong understanding of third-party and supplier risk in managed service and facilities environments
Experience with cyber risk management, assessing and securing IoT and OT platforms, including embedded systems, sensors, controllers, PLC/SCADA environments, or large-scale IoT deployments and specialized appliances
Experience hardening non-traditional OS environments (e.g., Linux-embedded, RTOS, Windows IoT)
Deep knowledge of specialized protocols (e.g., BACnet, Modbus, Zigbee, MQTT, Dante, NDI)
Expertise in securing Physical Security Information Management (PSIM) and AV-over-IP systems
Familiarity with OT/IoT architectures, proprietary protocols, and constrained devices, including lifecycle patching, and availability considerations
Knowledge of modern cyber threats targeting physical, operational, and converged IT/OT environments
Cloud IoT Platform Experience: Azure IoT or AWS IoT or Google Cloud IoT (device provisioning, secure messaging, telemetry pipelines, digital twins)
Ability to bridge the gap between 'hard-hat' facilities management and 'keyboard-focused' cybersecurity
Strong analytical skills with the ability to synthesize technical, operational, and business inputs into clear risk assessments
Ability to balance security requirements with operational safety, reliability, and user experience
Excellent communication skills, including the ability to explain complex technical risks to non-technical stakeholders such as facilities, security, and business leaders
Ability to explain cyber risks to Facilities Managers, Gym Coordinators, and Event Planners in non-technical language
Ability to work independently and collaboratively under pressure, managing multiple priorities and deadlines
Ability to manage tight deadlines during large-scale office renovations or high-profile international conferences
Strong interpersonal and relationship-management skills across diverse stakeholder groups
High level of integrity, professionalism, and discretion
Preferred
CCSP or other expert-level cloud security certification (preferred)
GICSP (GIAC - Global Industrial Cyber Security Professional) (preferred)
GRID (GIAC - Response and Industrial Defense) (preferred)
ISA/IEC 62443 Cybersecurity Expert (preferred)
Certified IoT Security Practitioner or similar vendor-neutral IoT certifications (preferred)
Company
Santcore Technologies
Santcore Technologies is a multidisciplinary IT consulting and solutions firm specializing in cybersecurity, GRC, cloud architecture, application security, digital transformation, and enterprise technology staffing.
H1B Sponsorship
Santcore Technologies has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (4)
2024 (2)
2023 (1)
Funding
Current Stage
Early Stage
Company data provided by Crunchbase