Cyber Security Risk Reporting Consultant (Remote)

About the role

This contract position supports the Cyber Security Assurance function by producing executive‑grade cyber risk reports for internal stakeholders. The consultant works remotely and integrates quickly into an existing assurance team.

Key responsibilities

• Lead the development of comprehensive cyber system risk reports, from drafting to final delivery.
• Translate penetration‑test and Threat Risk Assessment (TRA) outputs into clear, business‑focused insights.
• Manage the risk‑reporting workflow, overseeing the reporting queue throughout the engagement.
• Apply NIST frameworks (CSF, SP 800‑30, SP 800‑53) and HTRA methodology to assess, document, and communicate risk.
• Document risks, treatment plans, and remediation tracking in ServiceNow GRC.
• Convert technical vulnerabilities into business impact statements with recommended treatments.
• Support governance forums, internal audit, and regulatory inquiries with written and verbal updates.
• Ensure reporting quality, consistency, and alignment with enterprise expectations.
• Provide guidance to team members on report quality and framework alignment.
• Produce required artifacts and documentation for stakeholders and leadership.

Required profile

• Degree or diploma in Computer Science, Information Security, Risk Management or related field.
• 5+ years recent experience in cyber security or technology risk.
• 3+ years experience creating executive‑grade cyber risk reports.
• Hands‑on experience with NIST CSF, NIST SP 800‑30, NIST SP 800‑53.
• Practical experience applying the HTRA methodology.
• Recent experience using ServiceNow GRC (risk register, issue management).
• Ability to interpret penetration‑test and TRA outputs and translate them for senior stakeholders.
• Strong written and verbal communication skills.
• Ability to work independently, manage competing priorities, and enforce consistent risk articulation.

Required skills

• NIST CSF
• NIST SP 800‑30
• NIST SP 800‑53
• HTRA methodology
• ServiceNow GRC
• Penetration‑test analysis
• Threat Risk Assessment (TRA) interpretation
• AI‑assisted analysis tools
• Data comprehension (structured vs. unstructured)