Focal Point Data Risk, a CDW Company, is one that delivers a unified approach to addressing data risk through a unique combination of consulting service offerings.
The Cyber Security Manager is responsible for managing and performing engagements related to a variety of technical assessments. Managers have deep subject matter expertise, the ability to interface directly with clients to lead successful and positive engagements, and the capacity to manage and mentor teams of junior resources. The Cyber Security Manager is an integral part of the delivery team and is responsible for reviewing draft deliverables, building relationships with client contacts, and providing technical guidance and consulting during engagements. Because much of the work takes place on-site at client locations, frequent travel will be required.
- Experience with the performance of Business Impact Analyses (BIAs) along with development of business continuity and disaster recovery plans (BCPs and DRPs)
- Managing and performing cybersecurity control assessments in a wide variety of business environments, including:
- NIST Cybersecurity Framework (CSF)
- HIPAA Security Rule
- Cloud Security Controls
- Understanding of data protection, classification, and management controls
- Understanding of cybersecurity policies and procedures
- Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall security posture
- Preparing and reviewing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
- Managing staff in the completion of engagements on time with limited necessary revision
- Assisting with business development activities, as a subject matter expert, including proposal development and sales calls
- Preparing proposals and statements of work for future engagements
- Managing teams of consultants and senior consultants in client engagements
- Training, mentoring, and development of assigned team consultants
- 4+ years of relevant experience in the field(s) of IT Audit, Consulting, and/or Security, Privacy or Risk Management.
- Previous experience in a Big4 consulting and/or other consulting firm preferable.
- Understanding of or experience with industry and regulatory frameworks and standards, including but not limited to: PCI DSS, NIST SP 800-30, NIST CSF, ISO 27000 series, Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), Center for Internet Security (CIS) Top 20 Critical Security Controls (CSC), HIPAA Security Rule and HITECH Act, and information security requirements of Generally Accepted Privacy Principles (GAPP)
- Knowledge and/or experience assessing firewalls, server operating systems, security tools (e.g., anti-virus, intrusion detection/prevention systems), and cryptography
- Working knowledge of network, database, and application-level security
- Advanced written and verbal communication skills
- Strong interpersonal skills and the ability to foster close professional relationships with clients
- Strong project management skills and the ability to manage multiple projects and teams in parallel
- Strong analytical skills and the ability to understand complex client business processes
- An understanding of the importance of business ethics
- Qualities such as professionalism, attention to detail, strong organizational skills, team-focus, dedication, resourcefulness, and an eagerness to learn
- Strong proficiency with Microsoft Windows, MacOS, and the Microsoft Office suite of products, (i.e. Word, Excel, Visio, PowerPoint)
- Bachelor’s degree in Management Information Systems, Computer Information Systems, Computer Science, Engineering or a related field;
- Obtained or working towards Certified Information Systems Security Professional (CISSP) certification. (Candidates that do not yet possess the CISSP will be required to obtain the certification after hire.)
- CISA, CIPP, CISM, PCI-QSA, CCSP, or related certifications are a plus.