Senior Cybersecurity Specialist

For more than 33 years, IMRI has been a trusted partner delivering innovative technology and cybersecurity solutions that empower organizations to achieve mission success. We are seeking a Senior Cybersecurity Specialist to join our team and lead efforts in aligning enterprise security programs with the NIST Cybersecurity Framework (CSF) 2.0, driving governance, compliance, and program maturity. Position Overview The Senior Cybersecurity Specialist will serve as a subject matter expert in governance, risk, and compliance (GRC). This role will be responsible for designing and implementing cybersecurity governance frameworks, conducting NIST CSF 2.0 maturity assessments, and developing executive-level reports and dashboards. The ideal candidate will bring extensive experience in policy development, compliance, and enterprise-wide cybersecurity program design. Key Responsibilities Governance Policy Development Review existing cybersecurity policies, procedures, standards, and risk assessments. Identify policy gaps against NIST CSF 2.0 and recommend updates. Draft and maintain governance framework documents, SOPs, and security policies. Ensure compliance with audit and regulatory requirements. NIST CSF Alignment Engage stakeholders across IT, security, compliance, and business units. Review and validate 2024 NIST Gap Assessment results. Map identified gaps to NIST CSF categories and/or NIST 800-53 controls. Prioritize gaps based on risk, regulatory impact, and business dependencies. Develop detailed remediation plans including resources, timelines, and responsible parties. Cybersecurity Assessment Maturity Modeling Conduct interviews with IT, compliance, and business unit leaders. Validate documentation against observed processes and supporting evidence. Score cybersecurity program maturity against NIST CSF categories/subcategories using a recognized maturity scale (e.g., 15: Partial to Adaptive). Compare maturity levels year-over-year to track improvements or regression. Executive Reporting Communication Create and deliver a comprehensive Cybersecurity Maturity Assessment Report, including: Executive summary Maturity scorecard Gap and risk identification Remediation recommendations with risk prioritization Develop metrics and executive dashboards for ongoing program tracking. Present findings and recommendations in executive-level briefings. Qualifications Experience 7+ years of experience in cybersecurity, with at least 3 years in governance, risk, and compliance (GRC). Deep expertise in NIST CSF (1.1 2.0) and NIST 800-53 integration. Proven experience developing and implementing governance frameworks, SOPs, and policy documentation. Experience in compliance and audit processes across regulated industries. Strong understanding of enterprise systems, interdependencies, and risk prioritization. Ability to design executive-level dashboards and metrics for reporting. Exceptional communication skills, with experience presenting findings to executive leadership. Relevant certifications (CISSP, CISM, CRISC, CGEIT, or equivalent) strongly preferred.