Senior Cybersecurity Specialist

For more than 33 years, IMRI has been a trusted partner delivering innovative technology and cybersecurity solutions that empower organizations to achieve mission success. We are seeking a Senior Cybersecurity Specialist to join our team and lead efforts in aligning enterprise security programs with the NIST Cybersecurity Framework (CSF) 2.0, driving governance, compliance, and program maturity.

---

Position Overview

The Senior Cybersecurity Specialist will serve as a subject matter expert in governance, risk, and compliance (GRC). This role will be responsible for designing and implementing cybersecurity governance frameworks, conducting NIST CSF 2.0 maturity assessments, and developing executive-level reports and dashboards. The ideal candidate will bring extensive experience in policy development, compliance, and enterprise-wide cybersecurity program design.

---

Key Responsibilities

Governance & Policy Development

• Review existing cybersecurity policies, procedures, standards, and risk assessments.

• Identify policy gaps against NIST CSF 2.0 and recommend updates.

• Draft and maintain governance framework documents, SOPs, and security policies.

• Ensure compliance with audit and regulatory requirements.

NIST CSF Alignment

• Engage stakeholders across IT, security, compliance, and business units.

• Review and validate 2024 NIST Gap Assessment results.

• Map identified gaps to NIST CSF categories and/or NIST 800-53 controls.

• Prioritize gaps based on risk, regulatory impact, and business dependencies.

• Develop detailed remediation plans including resources, timelines, and responsible parties.

Cybersecurity Assessment & Maturity Modeling

• Conduct interviews with IT, compliance, and business unit leaders.

• Validate documentation against observed processes and supporting evidence.

• Score cybersecurity program maturity against NIST CSF categories/subcategories using a recognized maturity scale (e.g., 1–5: Partial to Adaptive).

• Compare maturity levels year-over-year to track improvements or regression.

Executive Reporting & Communication

• Create and deliver a comprehensive Cybersecurity Maturity Assessment Report, including:

  • Executive summary

  • Maturity scorecard

  • Gap and risk identification

  • Remediation recommendations with risk prioritization

• Develop metrics and executive dashboards for ongoing program tracking.

• Present findings and recommendations in executive-level briefings.

---

Qualifications & Experience

• 7+ years of experience in cybersecurity, with at least 3 years in governance, risk, and compliance (GRC).

• Deep expertise in NIST CSF (1.1 & 2.0) and NIST 800-53 integration.

• Proven experience developing and implementing governance frameworks, SOPs, and policy documentation.

• Experience in compliance and audit processes across regulated industries.

• Strong understanding of enterprise systems, interdependencies, and risk prioritization.

• Ability to design executive-level dashboards and metrics for reporting.

• Exceptional communication skills, with experience presenting findings to executive leadership.

• Relevant certifications (CISSP, CISM, CRISC, CGEIT, or equivalent) strongly preferred.