Cryptographic Risk Assessment Specialist (Contract – Part-time)

Project Duration : Short-term Contract (estimated 6–8 weeks)

Location : Remote

Reporting To : Information Security Lead / Project Manager

Purpose of the Role

To support a high-level cryptographic risk assessment for a client organization. The project aims to establish a baseline cryptographic posture, assess key management practices, prioritize cryptographic risks, and outline a strategic roadmap for post-quantum cryptography readiness.

Key Responsibilities

• Baseline Assessment & Discovery
• Facilitate kickoff meetings and gather information from key stakeholders.
• Conduct a high-level encryption checklist to assess current state.
• Review group-level standards, prior audits, and reports.
• Assist in the identification and documentation of the existing cryptographic inventory and services (e.g., internal data storage, cloud encryption, PKI, DRM).
• Key Management
• Collaborate with the client to assess the current use of Azure Key Vault and other key management tools.
• Contribute to the development of a formal Key Management Plan.
• Deliver or support 1:1 training sessions for relevant stakeholders.
• Cryptographic Assurance
• Identify process gaps related to cryptographic review and assurance.
• Help define and document processes to evaluate cryptographic systems regularly, beyond external penetration tests.
• Risk Prioritization
• Assist in defining cryptographic risk assessment criteria.
• Support the development of a risk prioritization matrix and associated mitigation strategies.
• Post-Quantum Cryptography Readiness
• Collaborate on the creation of a high-level PQC readiness roadmap.
• Define key milestones, resource requirements, and timelines to achieve PQC compliance in the future.
• Executive Engagement
• Support the preparation and delivery of executive summary materials.
• Contribute to the design and facilitation of a 2-hour tabletop exercise for board-level stakeholders, focused on quantum threat scenarios and decision-making.

Required Skills and Experience

• Strong understanding of cryptographic technologies and controls (e.g., PKI, key management, encryption in transit / at rest).
• Experience with Azure Key Vault or similar cloud key management platforms.
• Familiarity with cryptographic standards and risk assessment frameworks.
• Knowledge of quantum computing threats and post-quantum cryptography (preferred).
• Strong communication and documentation skills.
• Experience working with cross-functional teams, including technical and executive stakeholders.
• Ability to translate technical risks into business impacts and mitigation strategies.

Desirable Qualifications

• CISSP, CISM, CCSP, or similar certifications.
• Background in cybersecurity consulting, compliance, or security architecture.
• Experience delivering executive presentations and tabletop exercises.