IT Risk Assessment – Subject Matter Expert​/QA Reviewer – Cybersecurity

Job Description:

Subject Matter Expert / QA Reviewer

Project: IT Risk Assessment

Engagement Duration: 8 weeks (approximately 24 hours total)

Work Location:

Primarily remote; one on-site visit to Baltimore, MD

Employment Type:

Contract / 1099

Biz Tech Fusion, LLC (BTF) has been selected to deliver a comprehensive IT Risk Assessment for a HUD-funded public housing authority. The assessment is anchored in the NIST Cybersecurity Framework (CSF) 2.0 and HIPAA Security Rule, covering five domains:
Governance & Management, Infrastructure & Operations, Security & Access Controls, Applications & Data, and People & Processes.

The Subject Matter Expert / QA Reviewer serves as BTF’s senior technical authority on this engagement. This individual reviews all assessment findings and draft deliverables for technical accuracy, completeness, and regulatory alignment before submission to the client. The SME also provides senior advisory support to executive stakeholders and signs off on the final Risk Assessment Report and Risk Register.

• Conduct quality review of all assessment findings produced by the assessment team across all five domains
• Validate NIST CSF 2.0 maturity tier ratings and HIPAA Security Rule gap findings for accuracy and consistency
• Provide senior technical guidance to the assessment team throughout the engagement
• Review and approve all five formal deliverables:
  Risk Assessment Report, Risk Register, Gap Analysis, Recommendations Roadmap, and Executive Summary Presentation
• Serve as senior advisor during the Executive Summary Presentation to client leadership (on-site, Baltimore, MD)
• Identify any findings gaps, scoring inconsistencies, or compliance mapping errors prior to client delivery
• Ensure all deliverables meet BTF quality standards and RFP requirements

• Education:
  
  Bachelor’s degree required; advanced degree preferred (Master’s in Cybersecurity, Information Systems, or related field)
• Experience:
  
  12 years in cybersecurity, IT risk management, or government IT advisory roles
• NIST/CSF:
  Deep expertise in NIST CSF 2.0 and NIST SP 800-53 Rev. 5; demonstrated experience advising agency or authority leadership on risk posture and remediation strategy
• HIPAA:
  Direct HIPAA Security Rule expertise; proven experience identifying compliance gaps in government or regulated environments
• Government
  
  Experience:
  
  Prior experience supporting federal, state, local, or HUD-funded clients strongly preferred
• Location:
  
  Must be US-based; no offshore work permitted

• CISSP Certified Information Systems Security Professional
• CISM Certified Information Security Manager
• PMP Project Management Professional
• CRISC Certified in Risk and Information Systems Control
• CGRC Certified in Governance, Risk and Compliance (formerly CAP)