Job Description: Subject Matter Expert / QA Reviewer
Project: IT Risk Assessment
Engagement Duration: 8 weeks (approximately 24 hours total)
Work Location: Primarily remote; one on-site visit to Baltimore, MD
Employment Type: Contract / 1099
About the Engagement
BizTech Fusion, LLC (BTF) has been selected to deliver a comprehensive IT Risk Assessment for a HUD-funded public housing authority. The assessment is anchored in the NIST Cybersecurity Framework (CSF) 2.0 and HIPAA Security Rule, covering five domains: Governance & Management, Infrastructure & Operations, Security & Access Controls, Applications & Data, and People & Processes.
Role Summary
The Subject Matter Expert / QA Reviewer serves as BTF's senior technical authority on this engagement. This individual reviews all assessment findings and draft deliverables for technical accuracy, completeness, and regulatory alignment before submission to the client. The SME also provides senior advisory support to executive stakeholders and signs off on the final Risk Assessment Report and Risk Register.
Responsibilities
- Conduct quality review of all assessment findings produced by the assessment team across all five domains
- Validate NIST CSF 2.0 maturity tier ratings and HIPAA Security Rule gap findings for accuracy and consistency
- Provide senior technical guidance to the assessment team throughout the engagement
- Review and approve all five formal deliverables: Risk Assessment Report, Risk Register, Gap Analysis, Recommendations Roadmap, and Executive Summary Presentation
- Serve as senior advisor during the Executive Summary Presentation to client leadership (on-site, Baltimore, MD)
- Identify any gaps in findings, scoring inconsistencies, or compliance mapping errors prior to client delivery
- Ensure all deliverables meet BTF quality standards and RFP requirements
Required Qualifications
- Education: Bachelor's degree required; advanced degree preferred (Master's in Cybersecurity, Information Systems, or related field)
- Experience: 12+ years in cybersecurity, IT risk management, or government IT advisory roles
- NIST/CSF: Deep expertise in NIST CSF 2.0 and NIST SP 800-53 Rev. 5; demonstrated experience advising agency or authority leadership on risk posture and remediation strategy
- HIPAA: Direct HIPAA Security Rule expertise; proven experience identifying compliance gaps in government or regulated environments
- Government Experience: Prior experience supporting federal, state, local, or HUD-funded clients strongly preferred
- Location: Must be US-based; no offshore work permitted
Required Certifications (at least two preferred)
- CISSP: Certified Information Systems Security Professional
- CISM: Certified Information Security Manager
- PMP: Project Management Professional
- CRISC: Certified in Risk and Information Systems Control
- CGRC: Certified in Governance, Risk and Compliance (formerly CAP)