This position’s primary duties are to participate in and oversee Integrity’s Security Consulting division including the consultants who provide IT risk management, information security and compliance consulting services to clients in a variety of industries.
- Develop and implement processes to ensure consistent service delivery; oversee client engagements and reporting; develop an annual department budget and manage department expenses to align with budget forecasts.
- Lead vCISO engagements by acting as the CISO or senior information security leader to drive information security and IT risk management within each unique client environment.
- Audit, test or review system architecture and implementation for compliance with best practices and/or regulatory requirements.
- Perform risk assessments of IT infrastructure or applications and make recommendations for improvements based on the client’s stated risk tolerance levels. Review and recommend administrative, technical and physical controls to mitigate identified risk. Develop information security policies, standards and baselines.
- Design or review disaster recovery and business continuity plans including business impact assessments, RPO / RTO recommendations and test cases.
- Contribute to marketing activities such as writing blog postings, social media updates, and attendance at trade shows, conferences or professional development chapter meetings.
- Perform initial needs analysis and work with the Client Engagement team to build a statement of work to drive business development efforts. Identify additional opportunities within the existing client base and work with the client to expand usage of Integrity’s service portfolio.
- Provide strategic leadership and budgeting for the division, setting goals and objectives for profitability, service delivery and client satisfaction.
Skills and Qualifications
- Strong attention to detail and ability to document findings.
- Experience aligning risk and controls to NIST, ISO27000, HIPAA, FISMA, SSAE16/SOC, PCI.
- Ability to manage project deliverables and deadlines.
- Ability to provide superior customer service via phone and email.
- Demonstrated experience reviewing and recommending appropriate administrative, technical and physical controls.
- Ability to develop policies, standards and baseline configurations.
- Ability to identify and evaluate risk to IT systems and communicate risk to management.
- Select and implement appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels.
- Ability to clearly communicate with co-workers, management, clients and vendors.
- Maintain a professional appearance and vocabulary.
- Experience managing a team of information security professionals.
Professional certification is required for this position. Acceptable certifications are CISSP, GIAC, CISM, CISA, CRISC, C|CISO or equivalent.