SUMMARY
The SENIOR
CYBER SECURITY ANALYST/VCISO role is a senior-level consulting position within the Cyber Advisors Security Practice responsible for cyber security governance, risk, and compliance subject matter expertise, collaborating on numerous internal and client-facing security projects, and operational security initiatives. This position will support the development and operational activities of junior-level cyber analysts and engineers while growing the security team's governance and operations skillset, processes, and playbooks. In this role you will create and evangelize a wide-ranging set of security services, technical, and operational capabilities for use in our Cyber Security Consulting Practice. As a consulting virtual Chief Information Security Officer, you are also a senior Security Practice leader, and will be able to use your breadth of business and technical knowledge, skills, and abilities to provide information security thought leadership and guidance to Cyber Advisors clients.
The Senior Cyber Security Analyst/vCISO has responsibility for continuously identifying gaps and managing the improvements in security governance processes, technologies, and operations for Cyber Advisors clients. You will work closely with internal architecture, engineering, and project management teams, to help scope client engagements, and help ensure proactive cyber-defense requirements are identified and communicated early in Cyber Advisors client environments. You will use your expertise to develop and execute on new or expanded service offerings to continuously improve your client's cyber security.
KNOWLEDGE, SKILLS, ABILITIES:
Proven ability to quickly gain an understanding of the client organization's strategy and business environment
Demonstrated ability to provide real-time threat analysis and strategy updates on an ad hoc basis, sometimes after hours
Proven ability to anticipate future client security and compliance challenges
Confidence to oversee Cyber Advisors and/or client mid-level and analyst/engineering teams security initiatives
Proven capability and willingness to perform or assist in discovery, triage, remediation, and evaluation of threats
Demonstrated ability to delicately recommend strategic personnel, software, and/or hardware acquisitions, and improvements
Demonstrated knowledge of and ability to speak to the latest cloud security models, including GCP, AWS, and Azure platform
Understanding and ability to speak to cloud infrastructure or development environments and cloud management initiatives including workload protection, anti-virus, server EDR, container and serverless security, memory and process, integrity/protection, micro-segmentation, vulnerability, hardening, and configuration compliance
Quickly learn and understand the client business environment and match a management style that resonates with the customer
RESPONSIBILITIES:
Initiate cybersecurity risk assessments based on client organization's assets
Establish the client organization's cybersecurity strategy
Build client cybersecurity plans and programs, including policies, standards, and practices, from varying capability maturity level starting points
Build client Governance, Risk, and Compliance (GRC) programs appropriate to their scope, scale, and maturity
Assist with or lead third party assessment responses or requests of client partners, suppliers, and vendors
Maintain core security operations, including utilization of NOC/SOC services, EDR, PAM, MDM, and other specialized internal, client, or third-party security operations
Focus on people including indirect management of personnel, contractors, and/or vendors
Build and execute training strategies
Develop and support incident response processes and practices to ensure timely assessment, triage, remediation, containment, mitigation, and documentation of Cyber Advisors and client incidents
Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers
Interact with and assist other Cyber Advisors teams within the NOC and MSP practice on time sensitive, critical investigations of Cyber Advisors clients
Work with solution architects and sales staff to solve client problems and establish effective, productive business relationships
Define baseline security monitoring requirements for all new projects, services, and applications used or recommended by Cyber Advisors
Understand and be able to articulate the information security strategy and business environment of diverse clients
Establish and maintain client enterprise security vision, strategy, and programs
Management experience overseeing mid-level and analyst/engineering teams
QUALIFICATIONS:
Confidence and business acumen working with C-suite executives, and other business disciplines such as finance, HR, legal, and compliance
Demonstrate ability to communicate with all levels of an organization, clearly and concisely present issues, alternatives, and recommendations
Demonstrate ability to explain complex technical concepts to a non-technical audience
Demonstrate ability to proactively look for process improvement opportunities, challenge conventional practices, and adopt new methods and best practices while showing continuous self-improvement
Demonstrate remarkably high verbal and written communication skills, including strong technical documentation skills, and the ability to clearly record key information
Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines
Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems
Practical experience within three or more of the following domains
Demonstrated experience in a senior or enterprise-level governance, risk, or compliance role
EDUCATION AND CERTIFICATIONS:
The successful candidate will hold:
WORKING CONDITIONS AND PHYSICAL EFFORT: