Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

CISO- Virtual Consultant

C

Cyber Advisors

CISO- Virtual Consultant

National
Full Time
Paid
Similar Jobs
  • Responsibilities

    SUMMARY

    The SENIOR

    CYBER SECURITY ANALYST/VCISO role is a senior-level consulting position within the Cyber Advisors Security Practice responsible for cyber security governance, risk, and compliance subject matter expertise, collaborating on numerous internal and client-facing security projects, and operational security initiatives.  This position will support the development and operational activities of junior-level cyber analysts and engineers while growing the security team's governance and operations skillset, processes, and playbooks. In this role you will create and evangelize a wide-ranging set of security services, technical, and operational capabilities for use in our Cyber Security Consulting Practice.  As a consulting virtual Chief Information Security Officer, you are also a senior Security Practice leader, and will be able to use your breadth of business and technical knowledge, skills, and abilities to provide information security thought leadership and guidance to Cyber Advisors clients.

    The Senior Cyber Security Analyst/vCISO has responsibility for continuously identifying gaps and managing the improvements in security governance processes, technologies, and operations for Cyber Advisors clients.  You will work closely with internal architecture, engineering, and project management teams, to help scope client engagements, and help ensure proactive cyber-defense requirements are identified and communicated early in Cyber Advisors client environments.  You will use your expertise to develop and execute on new or expanded service offerings to continuously improve your client's cyber security.

    KNOWLEDGE, SKILLS, ABILITIES:

    Proven ability to quickly gain an understanding of the client organization's strategy and business environment

    Demonstrated ability to provide real-time threat analysis and strategy updates on an ad hoc basis, sometimes after hours

    Proven ability to anticipate future client security and compliance challenges

    Confidence to oversee Cyber Advisors and/or client mid-level and analyst/engineering teams security initiatives

    Proven capability and willingness to perform or assist in discovery, triage, remediation, and evaluation of threats

    Demonstrated ability to delicately recommend strategic personnel, software, and/or hardware acquisitions, and improvements

    Demonstrated knowledge of and ability to speak to the latest cloud security models, including GCP, AWS, and Azure platform

    Understanding and ability to speak to cloud infrastructure or development environments and cloud management initiatives including workload protection, anti-virus, server EDR, container and serverless security, memory and process, integrity/protection, micro-segmentation, vulnerability, hardening, and configuration compliance

    Quickly learn and understand the client business environment and match a management style that resonates with the customer

    • Quickly build trusted relationships with key personnel, in order to foster a successful cybersecurity program
    • Meet customer requirements with flexibility and good humor
    • Reflect the highest possible ethical and moral standards of the virtual CISO program
    • Utilize, create, and improve upon Cyber Advisors and open source cyber security artifacts to present a singular point of view for the Security Practice and Cyber Advisors, and for the benefit of our vCISO clients

    RESPONSIBILITIES:

    • Initiate cybersecurity risk assessments based on client organization's assets

    • Establish the client organization's cybersecurity strategy

    • Build client cybersecurity plans and programs, including policies, standards, and practices, from varying capability maturity level starting points

    • Build client Governance, Risk, and Compliance (GRC) programs appropriate to their scope, scale, and maturity

    • Assist with or lead third party assessment responses or requests of client partners, suppliers, and vendors

    • Maintain core security operations, including utilization of NOC/SOC services, EDR, PAM, MDM, and other specialized internal, client, or third-party security operations

    • Focus on people including indirect management of personnel, contractors, and/or vendors

    • Build and execute training strategies

    • Develop and support incident response processes and practices to ensure timely assessment, triage, remediation, containment, mitigation, and documentation of Cyber Advisors and client incidents

    • Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers

    • Interact with and assist other Cyber Advisors teams within the NOC and MSP practice on time sensitive, critical investigations of Cyber Advisors clients

    • Work with solution architects and sales staff to solve client problems and establish effective, productive business relationships

    • Define baseline security monitoring requirements for all new projects, services, and applications used or recommended by Cyber Advisors

    • Understand and be able to articulate the information security strategy and business environment of diverse clients

    • Establish and maintain client enterprise security vision, strategy, and programs

    • Management experience overseeing mid-level and analyst/engineering teams

    QUALIFICATIONS:

    Confidence and business acumen working with C-suite executives, and other business disciplines such as finance, HR, legal, and compliance

    Demonstrate ability to communicate with all levels of an organization, clearly and concisely present issues, alternatives, and recommendations

    Demonstrate ability to explain complex technical concepts to a non-technical audience

    Demonstrate ability to proactively look for process improvement opportunities, challenge conventional practices, and adopt new methods and best practices while showing continuous self-improvement

    Demonstrate remarkably high verbal and written communication skills, including strong technical documentation skills, and the ability to clearly record key information

    Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines

    Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems

    Practical experience within three or more of the following domains

    • Security operations – evaluating the IT threat landscape, devising cyber security policies and controls to reduce risk, leading IT security audits and assessments, and leading compliance initiatives
    • Disaster recovery and/or business continuity – developing cyber resiliency programs so that organizations can rapidly recover from hacking, security incidents, or infringements
    • Security governance – developing information security programs and deciding whether information security initiatives are worth the financial investments
    • Documentation and technical writing – creating or contributing to a variety of security policy domains associated with compliance, governance, risk management, incident management, and writing concise, elegant, informative technical reports
    • Compliance – ensuring that an organization is adaptable to evolving government, industry, and regulatory compliance frameworks
    • Program development and execution – weighing business information security strengths, weaknesses, opportunities, and threats against an organization's short and long-term business goals

    Demonstrated experience in a senior or enterprise-level governance, risk, or compliance role

    • Strong interpersonal and leadership skills to influence and build credibility
    • Demonstrate a sense of urgency with the ability to perform well under significant pressure
    • Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences including executives
    • Strong familiarity with SP 800 series, CIS Benchmarks, COBIT, and similar controls standards
    • Demonstrate understanding of NIST CSF, CMMC, ISO 27000, and other security frameworks

    EDUCATION AND CERTIFICATIONS:

    The successful candidate will hold:

    • 8+ years' experience in security, network, or cyber security analysis or operations
    • CISSP strongly preferred or at minimum a bachelor's or master's degree in Information Assurance, Information Technology, Computer Science, or Business, or a related technical discipline, or equivalent professional experience related to information assurance, security, cyber, or computer network defense
    • Relevant security related certifications include one or more CCISO, CISA, CISM, CCSK, CCSP or similar
    • Experience with DoD or LEO communities a plus

    WORKING CONDITIONS AND PHYSICAL EFFORT:

    • Must be responsive to client, company, and project emergencies
    • May require occasional out-of-state travel
    • This position includes both on-site and remote work activities
    • Ability and willingness to work from the office and from home as needed
    • Desire to consult and influence clients across multiple cybersecurity domains