Cybersecurity Assessment Analyst

Do you have a passion for understanding what makes a cybersecurity operation tick?

Do you enjoy applying your evaluation and assessment skills to determine practical applications of the NIST Cybersecurity Framework?

Does a variety of cybersecurity operations and enterprise-level security protection interest you?

If so, then we invite you to join our fast-paced technology team in creating groundbreaking cybersecurity solutions for a company unlike any other in the country—working as a trusted partner in a private network of very large, security-sensitive companies creating leading-edge and practical applied solutions across multiple industries.
We are seeking multi-talented cybersecurity experts with experience assessing and improving information security programs. This governance-focused, consulting-based role provides practical, actionable, and relevant findings and recommendations for a wide range of our customer organizations.

This position is remote. We are a distributed workforce located throughout the US.

Key Responsibilities and Accountabilities include:

  • Rapid assessment of a variety of third-party policies, procedures, and practices using industry-standard frameworks from NIST, CIS, and ISO.
    • Extract detailed understanding of expected organization behavior from documentation of policies, procedures, and other technical data
    • Participate in and conduct succinct interviews with personnel to develop well-supported and defensible conclusions about an organization’s security program
    • Identify and retain awareness of assumptions made to bridge gaps in provided information and recognize how those assumptions modify conclusions
    • Develop practical and actionable recommendations for cybersecurity organizational policy and technology recognizing constraints on budget, capability, and business need
    • Verbal and written summarization of relevant information for effective communication to varied audiences (security specialists, risk managers, other technical, non-technical, management, executives)
  • Proactive identification and tracking of developments in security policy and governance
    • New and established information security standards
    • Potential legal and regulatory considerations for cybersecurity and privacy
  • Production of customer-facing reports and other written cybersecurity/risk products
  • Recommendations for remediation of gaps affecting cybersecurity policy and governance posture
  • Security policy and governance application in a practical manner to different classes of organizations, to ensure good outcomes
    • Informal and formal risk assessment process participation to ensure alignment of decisions to the current environment
  • Continuous quality improvement assurance within the assessment program
  • Conformance to the highest ethical standards and established rules of engagement


  • 4+ years of cybersecurity or related experience
  • Experience in both technical and policy roles in a broad range of organizations and industries
  • CISSP, CISA, CISM, or other similar certifications in good standing
  • Past experience should include at least one operational role for medium-large production IT, incident response, or security operations
  • Demonstrable practical understanding of the NIST Cybersecurity Framework (CSF), SEI Capability Maturity Model (CMM/CMMI), and other security and maturity standards and frameworks, including techniques to assess conformance to standards
  • Demonstrable capability to synthesize disparate security frameworks as well as legal and regulatory security and privacy regulations and frameworks into workable assessment models
    • Knowledge of NIST SP 800-53 Rev. 5, NIST CSF, CIS Controls, ISO 27001:2013, HIPAA, PCI-DSS, HITRUST CSF, CSA CMM/CAIQ, GDPR
  • Demonstrable written and verbal communication skills ensuring clarity, accuracy, and appropriate degrees of brevity/depth for different audiences
  • Demonstrable skill in continuous quality improvement
  • Proven ability to:
    • Work successfully both independently and within a team
    • Identify and conceptualize opportunities to innovate
    • Think critically
    • Adhere to scope, while being creative enough to think outside the box
    • Balance multiple priorities
    • Evaluate risk, understand related consequences and make decisions in that framework
    • Communicate with others effectively, orally and in writing, and have the ability to interact successfully with professionals, peers, and CISOs
    • Successfully pass background and public records screening
  • US Citizen

About Covail:

Covail is a rapid innovation company founded by leading companies in seven different industries that delivers business value through advanced analytics and cybersecurity solutions. We offer a competitive benefits package that includes comprehensive medical and dental care, matching 401K, paid time off, as well as other voluntary benefits. Covail is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. For more information, please visit

To apply, please send a resume and cover letter to

Columbus Collaboratory is now Covail™

1375 Perry Street
Columbus, OH 43201
(614) 591-0440

© Copyright 2020 Covail. All Rights Reserved.