Job Overview
We are seeking a talented and motivated Manager, Cyber Assessment to join our esteemed Enterprise Security Services team in a fully remote capacity. This role is pivotal in enhancing our organization’s information security posture and ensuring compliance with industry standards.
Key Responsibilities
- Conduct thorough information security risk assessments for diverse technology projects, leveraging both industry-standard and firm-specific control frameworks.
- Facilitate vendor reviews, define security requirements, and enhance security testing processes to manage residual risks effectively.
- Employ active and passive assessment techniques to rigorously evaluate security controls.
- Provide strategic counsel to project teams on compensating control alternatives when security requirements are unmet.
- Serve as the principal liaison between IT project teams and Cyber Security groups, coordinating resources to meet project objectives and timelines.
- Review and verify evidence to close corrective action plans, ensuring alignment with control objectives.
- Stay informed on the latest trends, tools, and methodologies in security assessment, maintaining proper documentation of evidence.
- Execute vendor security assessments, including the evaluation of vendor controls and the development of essential security requirements.
- Communicate and track remediation plans in collaboration with vendors and IT teams, advising on necessary mitigations or compensating controls.
- Collaborate with representatives from IT and other business functions to align project priorities with IT Risk and Security planning.
- Act as a subject matter expert in IT security domains such as access control, cryptography, and monitoring.
- Manage smaller projects, adhere to deadlines, and contribute to staffing decisions, while providing coaching and mentorship to junior members.
Required Skills
- A minimum of five years of pertinent experience in cyber security risk assessments and control reviews based on frameworks like NIST 800-53, NIST 800-171, FedRAMP, or CMMC.
- A bachelor's degree from an accredited institution is preferred; professional certifications such as CISSP or CISA are advantageous, along with CEH, GPEN, OSCP, or OSCE certifications.
- Proficiency in both active and passive assessment methodologies, and familiarity with control frameworks like NIST, ISO, HITRUST, PCI, etc.
- In-depth understanding of security principles, IT security controls, network security, and cloud security concepts, with practical experience using penetration testing and scanning tools such as Qualys, Nessus, Metasploit, and Burp.
- Exceptional communication, analytical, and problem-solving skills, along with the ability to mentor junior team members and positively influence their development.
Career Growth Opportunities
Joining our organization provides a unique opportunity for professional advancement in the field of cybersecurity. You will be part of a thriving community that values learning and development.
Company Culture And Values
We pride ourselves on our vibrant culture that promotes personal growth, inclusivity, innovation, and community support. Our commitment to diversity and inclusion is unwavering, ensuring a welcoming environment for all.
Networking And Professional Opportunities
As part of our team, you will have ample opportunities for networking and collaboration with industry professionals, enhancing your career trajectory and skillset.
Compensation And Benefits
We offer a competitive salary paired with a comprehensive benefits package designed to support your overall well-being and professional growth. Our offerings include medical and dental insurance, vision coverage, disability and life insurance, a 401(k) plan, personal time off, and firmwide breaks to foster a healthy work-life balance.
How To Apply
If you are eager to make a difference and advance your career, we welcome your application. We review submissions on a rolling basis and look forward to considering you for this strategic role.
Employment Type: Full-Time