Cyber Risk Strategist and Assessor jobs in United States
cer-icon
Apply on Employer Site
company-logo

Booz Allen Hamilton · 3 hours ago

Cyber Risk Strategist and Assessor

positionUnited States
timeFull-time
remoteRemote
seniorityMid, Senior Level
money$99K/yr - $225K/yr
date5+ years exp

Booz Allen Hamilton is a leading consulting firm, and they are seeking a Cyber Risk Strategist and Assessor to collaborate with clients in assessing their cybersecurity maturity and risk posture. The role involves leading client delivery, developing risk mitigation strategies, and refining cyber capabilities to address clients' strategic and operational needs.

ConsultingCyber SecurityIT InfrastructureManagement ConsultingSecurity
check
Growth OpportunitiesbadNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Collaborate with respected and experienced leaders and seasoned professionals
Work directly with our clients to help them assess their cybersecurity maturity and risk posture
Evaluate and improve the effectiveness of their security controls, risk governance, and risk management programs
Lead portions of client delivery and execution with a growing team of cyber assessors, cyber strategists, threat and risk modelers, and risk management professionals
Work with clients across a variety of industry verticals, including energy, financial services, health or pharmaceuticals, high-tech, and manufacturing
Refine and apply Booz Allen’s cyber capabilities and solutions to address each client’s strategic, operational, and regulatory assessment and risk advisory needs
Lead the identification and assessment of programmatic gaps, technical vulnerabilities, and risks to client systems and environments using qualitative and quantitative approaches
Work with clients to develop risk mitigation strategies, identify areas for systemic improvement, and build long-term strategies to ensure assets are secure, and internal and external compliance requirements are addressed
Evaluate the completeness and effectiveness of risk governance and risk management programs across multiple risk domains in executing the risk management lifecycle
Assist with writing risk policy, standards, processes, and procedures
Develop risk and performance indicators
Design operating models
Develop cost models in Excel
Configure eGRC platforms to execute a Risk Management Framework (RMF)
Work with account managers and capability or market leaders to build relationships with clients and identify future opportunities for capturing strategic clients
Contribute to or lead work capture activities, including facilitating sales meetings, responding to Request for Proposals (RFPs), constructing bespoke project approaches, authoring proposals and Statements of Work (SOW), and designing staffing approaches
Provide leadership and support for a growth-minded business that seeks to continuously evolve and incorporate new techniques and technologies to deliver differentiated and industry-leading capabilities for clients
Partner with our other delivery teams to design, build, and deliver integrated solutions to the market

Qualification

Cyber Risk ManagementCybersecurity AssessmentsThird-Party Risk ManagementRisk Management FrameworkCyber Threat ModelingRegulatory FrameworksCloud SecurityProject ManagementAnalytical SkillsCommunication SkillsTeam LeadershipProblem SolvingAdaptability

Required

5+ years of experience executing engagements in Cyber Risk Management, Third-Party Risk Management (TPRM), Supply Chain Risk Management (SCRM), Technology Risk Management (TRM), or GRC programs, including delivering results to C-level executives and Director-level stakeholders
5+ years of experience executing cybersecurity assessments against industry-standard frameworks such as NIST CSF, NIST 800-53, CIS Critical Security Controls, and ISO 27001, identifying root cause issues, analyzing vulnerabilities, and proposing threat and risk-aligned mitigations that materially enhance organizational cyber resilience and improve the security risk posture
3+ years of experience implementing or auditing third-party risk management programs in accordance with industry frameworks such as NIST SP 800-161
3+ years of experience evaluating and managing third-party relationships throughout their lifecycle, including onboarding and due diligence, assessment of risk, risk mitigation and remediation, continuous monitoring, and offboarding
Experience evaluating and implementing controls aligned with regulatory frameworks such as GDPR, CCPA, CPRA, and state-based legislation, including HIPAA or PCI DSS
Experience with project management, including delivering results within specified timelines and budgets and on cross-functional engagement teams
Knowledge of cyber threat modeling and risk management frameworks and methodologies such as FAIR, NIST RMF, COBIT, MITRE ATT&CK, PASTA, or STRIDE
Knowledge of technology and cybersecurity functions such as asset management, identity and access management, cloud security, network security, security operations, or incident response and technologies such as SIEM, EDR, IPS/IDS, SAST, DAST, CASB/DLP, CSPM, or CWPP
HS diploma or GED

Preferred

Experience communicating complex technical ideas to broad audiences across all organizational levels, including executives such as board members, CEOs, CFOs, CTOs, and CISOs, via whitepapers, assessment reports, and briefs
Experience with application security or product security, including using DevOps, DevSecOps, and SDLC
Experience with cloud assessment methodologies, including utilizing built-in processes for assessing native cloud services, and optimizing cloud infrastructure for efficiency, security, and cost-effectiveness
Experience with Windows or Linux system administration, including managing and securing operating systems effectively
Experience administering and assessing network devices and security, including routers, switches, firewalls, and intrusion detection or prevention systems
Knowledge of SOC or threat hunting, including threat modeling and analysis
Knowledge of emerging topics, including regulations, industry practices, and new technologies such as AI, Cyber Risk Quantification (CRQ), and Zero Trust Architecture (ZTA)
Ability to identify technology vulnerabilities using both manual and automated processes, including automated compliance and vulnerability scanners, and system configuration reviews such as CIS Benchmarks or STIGS
Bachelor's degree in IT, Cybersecurity, CS, Systems Engineering, or Security Policy
CISSP, CGRC, CRISC, CEH, GSEC, CISM, CISA, COBIT 5, FAIR, MITRE ATT&CK, OSCP, Certified Incident Handler (GCHI), GIAC Enterprise Incident Response (GEIR), or MITRE Threat Hunting Certification

Benefits

Health
Life
Disability
Financial
Retirement benefits
Paid leave
Professional development
Tuition assistance
Work-life programs
Dependent care

Company

Booz Allen Hamilton

twittertwittertwitter
Glassdoor4.2
company-logo
Booz Allen Hamilton is a consulting firm that specializes in analytics, technology, and engineering.
dateFounded in 1914
location
Mclean, Virginia, USA
people-size10001+ employees
web-link
http://www.boozallen.com

Funding

Current Stage
Public Company
Total Funding
$3.03B
2025-03-11Post Ipo Debt· $650M
2023-08-01Post Ipo Debt· $650M
2020-08-13Post Ipo Debt· $700M

Leadership Team

leader-logo
Matthew Calderone
Executive Vice President and Chief Financial Officer
linkedin
leader-logo
Kristine Anderson
Chief Operating Officer
linkedin

Recent News

WSJ.com: US Business
Booz Allen Boosts Profit Outlook as Cost Cuts Take Hold
2026-01-24
Benzinga.com
Top Wall Street Forecasters Revamp Booz Allen Hamilton Expectations Ahead Of Q3 Earnings
2026-01-23
Investing.com
Booz Allen Hamilton shares rise as Q3 earnings beat offsets revenue drop
2026-01-23
Company data provided by crunchbase