Job Description

This is a remote position.

We are seeking an experienced cybersecurity professional to conduct an interview-based security assessment for a higher education client. The role requires strong expertise in the NIST Cybersecurity Framework and familiarity with related standards such as NIST 800-53, ISO 27001, and CIS Controls. The ideal candidate will have hands-on experience conducting assessments, preferably in higher education environments, with knowledge of compliance requirements including FERPA, GLBA, HIPAA, and PCI DSS. Strong communication, stakeholder engagement, and report-writing skills are essential, as the project involves translating technical findings into clear, actionable recommendations for non-technical audiences.

Job Title: NIST Assessor

Location: REMOTE

Contract: 2-4 Weeks

Requirements:

• Education - Bachelor's Degree in Information Technology, Cybersecurity, or a related field, or equivalent practical experience
  
• Professional Background - Minimum 5-7 years of experience in IT audit, cybersecurity assessment, or a GRC role
  
• Frameworks & Compliance - Deep expertise in the NIST Cybersecurity Framework; must have strong experience in NIST 800-53, ISO 27001, and CIS Controls
  
• Higher Education Compliance - Verifiable experience with assessments involving FERPA (Student Privacy), GLBA (Financial Aid Data), HIPAA (Student Health Center Data), PCI DSS (Payment Processing), experience with EDUCAUSE resources is a major plus
  
• Network Security - Strong understanding of firewalls, intrusion detection/prevention systems (IDS/IPS), network access control (NAC), and secure network architecture
  
• SIEM & Log Analysis - Familiarity with Security Information and Event Management (SIEM) platforms like Splunk, QRadar, or an ELK Stack for analyzing security events
  
• Cloud Security - Knowledge of security best practices for cloud environments (AWS, Azure, Google Cloud), as many colleges use hybrid infrastructure
  
• Endpoint Security - Experience with endpoint detection and response (EDR/XDR) solutions and antivirus management
  
• Identity & Access Management - Understanding of principles like least privilege, role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO)
  
• Certifications - Nice to have one or more of the following professional certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control)
  
• Soft Skills
  
• Excellent Communication: Ability to explain complex technical concepts to non-technical audiences (e.g. college administration)
  
• Strong Report Writing - Capable of producing clear, concise, and professional assessment reports
  
• Analytical & Problem-Solving Skills - Meticulous attention to detail and a methodical approach to risk assessment
  
• Stakeholder Management - Skillful in interviewing personnel and building consensus
  

Job Tags

Similar Jobs