Cryptographic Risk Assessment Specialist (Contract – Part-time)

Project Duration: Short-term Contract (estimated 6–8 weeks)

Location: Remote

Reporting To: Information Security Lead / Project Manager

To support a high-level cryptographic risk assessment for a client organization. The project aims to establish a baseline cryptographic posture, assess key management practices, prioritize cryptographic risks, and outline a strategic roadmap for post-quantum cryptography readiness.

·      Baseline Assessment & Discovery

·      Facilitate kickoff meetings and gather information from key stakeholders.

·      Conduct a high-level encryption checklist to assess current state.

·      Review group-level standards, prior audits, and reports.

·      Assist in the identification and documentation of the existing cryptographic inventory and services (e.g., internal data storage, cloud encryption, PKI, DRM).

·      Key Management

·      Collaborate with the client to assess the current use of Azure Key Vault and other key management tools.

·      Contribute to the development of a formal Key Management Plan.

·      Deliver or support 1:1 training sessions for relevant stakeholders.

·      Cryptographic Assurance

·      Identify process gaps related to cryptographic review and assurance.

·      Help define and document processes to evaluate cryptographic systems regularly, beyond external penetration tests.

·      Risk Prioritization

·      Assist in defining cryptographic risk assessment criteria.

·      Support the development of a risk prioritization matrix and associated mitigation strategies.

·      Post-Quantum Cryptography Readiness

·      Collaborate on the creation of a high-level PQC readiness roadmap.

·      Define key milestones, resource requirements, and timelines to achieve PQC compliance in the future.

·      Executive Engagement

·      Support the preparation and delivery of executive summary materials.

·      Contribute to the design and facilitation of a 2-hour tabletop exercise for board-level stakeholders, focused on quantum threat scenarios and decision-making.

·      Strong understanding of cryptographic technologies and controls (e.g., PKI, key management, encryption in transit/at rest).

·      Experience with Azure Key Vault or similar cloud key management platforms.

·      Familiarity with cryptographic standards and risk assessment frameworks.

·      Knowledge of quantum computing threats and post-quantum cryptography (preferred).

·      Strong communication and documentation skills.

·      Experience working with cross-functional teams, including technical and executive stakeholders.

·      Ability to translate technical risks into business impacts and mitigation strategies.

·      CISSP, CISM, CCSP, or similar certifications.

·      Background in cybersecurity consulting, compliance, or security architecture.

·      Experience delivering executive presentations and tabletop exercises.