18 month contract remote work

Secret security clearance

• Lead the creation, drafting, and finalization of comprehensive cyber system risk reports for internal clients and stakeholders
• Translate and synthesize complex technical findings from Threat and Risk Assessments (TRAs) and penetration tests into clear, actionable business insights for non-technical stakeholders
• Quickly integrate into the existing Assurance team workflow and manage the cyber risk reporting queue for the duration of the engagement
• Apply industry-standard cyber risk frameworks, including National Institute of Standards and Technology (NIST) and the Harmonized Threat and Risk Assessment (HTRA) methodology, to assess, document, and communicate risk
• Document, track, and report cyber risks in ServiceNow Governance, Risk Compliance (GRC), including risk register entries, treatment plans, exceptions, and remediation tracking
• Convert technical vulnerability and threat findings into clear business impact statements and risk treatment recommendations for senior stakeholders
• Support governance forums, internal audit, and regulatory inquiries with clear written and verbal communication of cyber risk posture
• Maintain the quality, consistency, and timeliness of the Assurance team's reporting outputs across the engagement
• Provide guidance to team members on report quality, framework alignment, and effective risk articulation, as required
• Produce documentation, artifacts, and reporting required for stakeholders, governance forums, and leadership

Required Qualifications & Skill

• University Degree or College Diploma in computer science, information security, risk management, or a related field
• A minimum of five (5) years of recent demonstrated experience in cyber security, technology risk, or a related discipline
• A minimum of three (3) years of recent demonstrated experience producing executive-grade cyber risk reports for senior business and technology stakeholders
• Demonstrated working knowledge and practical application of (NIST) cyber security risk frameworks (e.g., NIST CSF, NIST SP 800-30, NIST SP 800-53)
• Demonstrated working knowledge and practical application of the Harmonized Threat and Risk Assessment (HTRA) methodology
• Demonstrated recent hands-on experience using ServiceNow GRC for documenting, tracking, and reporting on cyber risks, including risk register and issue management modules
• Demonstrated experience interpreting penetration test and Threat & Risk Assessment (TRA) outputs and converting them into clear, actionable business language
• Demonstrated strong written and verbal communication skills, with the ability to deliver sensitive risk information to business leaders in a clear, objective, and consultative manner
• Demonstrated strong knowledge of common cyber vulnerabilities, exploit methods, and risk remediation strategies, with the ability to map technical risks to business impact
• Demonstrated ability to work independently, manage competing priorities, and integrate quickly into an existing team's workflow
• Demonstrated ability to enforce consistency in language, risk articulation, and formatting across multiple reports, ensuring alignment with enterprise reporting expectations
• Demonstrated experience leveraging AI-assisted tools to support analysis, content generation, or data processing, with a focus on maintaining accuracy, confidentiality, and alignment with organizational standards
• Demonstrated strong data comprehension, including the ability to differentiate between structured and unstructured data, understand relationships across data elements, and apply data management principles to ensure consistent, accurate, and reusable reporting outputs

Additional Qualification

• Demonstrated knowledge of ISO/IEC 27001 / 27002 / 27005 and other risk management frameworks
• Demonstrated experience supporting third-party risk management, cloud risk management, or vendor assurance activities
• Demonstrated experience integrating ServiceNow GRC with related modules (e.g., ServiceNow Vulnerability Response, IRM) to streamline risk reporting
• Demonstrated experience converting cloud and emerging-technology risks (e.g., Azure, hybrid cloud, AI) into executive-ready risk reporting
• Relevant certifications are considered an asset (e.g., CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Auditor, ServiceNow Certified Implementation Specialist – Risk and Compliance)

ACCESSIBILITY

We’re committed to fostering an inclusive, equitable, and accessible workplace where every team member feels valued, respected, and supported, and has the opportunity to reach their full potential. We wel