Senior Cybersecurity Consultant

Location: Montgomery County, PA (Hybrid / On-Site)

Employment Type: Full-Time / Contract

Experience: 5+ Years

Montgomery County is seeking an experienced Senior Cybersecurity Consultant to support enterprise-wide cybersecurity initiatives, risk management programs, security operations, compliance efforts, and strategic security planning. The successful candidate will provide expert guidance on cybersecurity governance, security assessments, incident response, identity and access management, data protection, and security awareness programs.

This role requires a strong understanding of cybersecurity frameworks, risk-based decision-making, and the ability to work with technical teams, business stakeholders, and executive leadership to strengthen the County's overall security posture.

• Conduct enterprise and system-level cybersecurity risk assessments.

• Develop risk mitigation strategies and remediation plans.

• Establish and maintain cybersecurity risk registers.

• Review and develop security policies, standards, procedures, and governance documentation.

• Support security audits, compliance initiatives, and regulatory requirements.

• Perform third-party and vendor security risk assessments.

• Provide recommendations to improve security governance and control maturity.

• Perform network, application, infrastructure, and cloud security assessments.

• Conduct vulnerability assessments and recommend remediation actions.

• Coordinate penetration testing activities and analyze findings.

• Review security architecture, system configurations, and access controls.

• Evaluate endpoint security, network security, and threat detection capabilities.

• Identify security gaps and develop practical remediation strategies.

• Develop and enhance incident response plans and procedures.

• Support cyber incident investigations and response activities.

• Conduct tabletop exercises and cybersecurity simulations.

• Perform root cause analysis and recommend corrective actions.

• Assist with security incident recovery and restoration efforts.

• Collaborate with technical teams during security events and emergencies.

• Assess and improve identity and access management programs.

• Review authentication and authorization controls.

• Evaluate Multi-Factor Authentication (MFA) and Privileged Access Management (PAM) solutions.

• Support implementation of Role-Based Access Control (RBAC).

• Conduct user access reviews and identity governance assessments.

• Develop data classification and protection strategies.

• Evaluate encryption standards and data loss prevention controls.

• Assess cloud and hybrid environment security controls.

• Conduct security maturity assessments and gap analyses.

• Develop cybersecurity roadmaps and strategic improvement plans.

• Support long-term security transformation initiatives.

• Design and deliver cybersecurity awareness programs.

• Conduct phishing awareness and security education campaigns.

• Develop role-based training programs for technical and business users.

• Promote security best practices across the organization.

• Present cybersecurity findings, risks, and recommendations to leadership.

• Develop security metrics, dashboards, and executive reports.

• Assist with cybersecurity budgeting and investment planning.

• Support risk-based decision-making and strategic security initiatives.

• Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field.

• Minimum 5 years of experience in Cybersecurity, Information Security, Risk Management, Security Consulting, or Security Operations.

• Experience conducting cybersecurity risk assessments and security reviews.

• Strong understanding of cybersecurity governance, risk management, and compliance practices.

• Experience with incident response, vulnerability management, and security operations.

• Knowledge of identity and access management principles and technologies.

• Experience working with cloud, on-premises, and hybrid technology environments.

• Excellent analytical, communication, documentation, and stakeholder management skills.

• Experience supporting government agencies, public sector organizations, healthcare, or other regulated industries.

• Experience leading cybersecurity improvement initiatives and strategic security programs.

• Familiarity with security operations centers (SOC), SIEM platforms, and threat detection technologies.

• Experience presenting security recommendations to executive leadership.

• CISSP - Certified Information Systems Security Professional

• CISM - Certified Information Security Manager

• CISA - Certified Information Systems Auditor

• CRISC - Certified in Risk and Information Systems Control

• CEH - Certified Ethical Hacker

• CompTIA Security+

• GIAC Certifications

• Microsoft…