Job Overview
Join our esteemed Enterprise Security Services team as a Manager, Cyber Assessment in a fully remote capacity. This pivotal role will empower you to lead initiatives that ensure the highest standards of information security across diverse technology projects, contributing significantly to our organization’s commitment to excellence.
Key Responsibilities
- Execute thorough information security risk assessments utilizing both industry-standard and proprietary control frameworks.
- Employ a range of assessment techniques, including vendor evaluations, security requirement definitions, and security testing facilitation.
- Assess security controls through various methodologies, including both active and passive testing approaches.
- Advise project teams on compensating control alternatives when security standards are not achieved.
- Function as the main point of contact between IT project teams and Cyber Security groups to ensure alignment of security resources with project goals and timelines.
- Review evidence to effectively close corrective action plans while ensuring they meet established control objectives.
- Stay abreast of emerging trends, tools, and methodologies in security assessments and maintain comprehensive documentation.
- Conduct vendor security assessments, enhancing processes, evaluating vendor controls, and establishing security requirements.
- Communicate and manage remediation plans with both vendors and IT teams, recommending mitigating or compensating controls where necessary.
- Collaborate with representatives from IT and other business functions to prioritize projects in alignment with IT Risk and Security resource planning.
- Serve as a subject matter expert across various IT security domains, including access control, cryptography, and monitoring.
- Oversee smaller projects, manage timelines, and contribute to staffing decisions while providing coaching and feedback to junior team members.
Required Skills
- At least five years of contemporary experience in cyber security risk assessments and control reviews, leveraging frameworks such as NIST 800-53, NIST 800-171, FedRAMP, or CMMC.
- A bachelor’s degree from a recognized institution is preferred, with relevant certifications such as CISSP or CISA being advantageous. Certifications like CEH, GPEN, OSCP, or OSCE are also valued.
- Proficient with both active and passive assessment methodologies, familiar with control frameworks including NIST, ISO, HITRUST, PCI, and others.
- Comprehensive understanding of security principles, IT security controls, network security, and cloud security concepts. Practical experience using penetration testing and scanning tools such as Qualys, Nessus, Metasploit, and Burp is essential.
- Outstanding communication, problem-solving, and analytical abilities, with a demonstrated capacity to mentor and positively influence less experienced team members.
Qualifications
- Minimum of five years of experience in cyber security risk assessments, with proven capability to conduct active and passive assessments and familiarity with various control frameworks.
Career Growth Opportunities
Our organization is devoted to fostering your professional development and career advancement. You will have access to a wealth of resources and support to help you thrive in your career while contributing to impactful projects.
Company Culture And Values
We pride ourselves on our vibrant culture, which promotes individual growth, inclusivity, innovation, and community support. Recognized consistently as one of the premier workplaces by leading industry publications, we are committed to diversity and inclusion, welcoming applicants from all backgrounds, and ensuring a supportive environment.
Networking And Professional Opportunities
As part of our dynamic team, you will have numerous opportunities for networking and collaboration, allowing you to connect with industry leaders and develop your professional skills within a supportive and engaging framework.
Employment Type: Full-Time