
Director, Cybersecurity Advisory Services

Join a rapidly growing small business where you will partner directly with the founder/owner and a small team of cybersecurity policy and compliance experts to expand the business in several cybersecurity advisory service areas. Inspire growth and technical proficiency across the delivery team. Work across a wide spectrum of computing environments, including simple and complex on-premises corporate environments, modern commercial cloud-hosted applications, hybrid deployment models, and everything in between.  

The Basics:

Job Type: Direct Hire Opportunity

Location: 100% Remote

Travel: Up to 10% annually

Clearance: Secret (Preferred)

Minimum Education: Bachelor’s Degree in IT Field (Preferred)

Certification(s): Cybersecurity or IT Related Certification 

Minimum Years of Professional Experience: 8 Years 

Job Duties:

  • Perform security control assessments to determine organizational compliance against one or more defined security frameworks. 
  • Perform vulnerability assessments to identify network, operating system, and application vulnerabilities using automated tools and manual review activities.
  • Assess system architecture diagrams, data flow diagrams, and system integrations for security design flaws or weaknesses and recommend improvements. 
  • Identify responsibility for security control implementation when shared among cloud service providers, application owners, and information owners. 
  • Evaluate available technology on the market and recommend solutions to address security vulnerabilities. 
  • Build customized professional development plans for new staff based on their strengths, weaknesses, and evolving market demands.
  • Perform team management to ensure project deliverables meet quality standards and are delivered on time and within budget.
  • Develop standardized and repeatable assessment templates and tools to enhance the team’s ability to perform advisory services using a mix of available staff, maintaining high-quality results.
  • Develop security implementation roadmaps and guide customers through prioritized action plans.
  • Serve as the technical advisor to organizational leaders and decision-makers as it relates to cost-effective security implementation.

Required Skills, Proficiency, and Experience:

  • Expert knowledge and experience implementing one or more of the following security control sets/frameworks:
      o NIST 800-53
      o NIST 800-171
      o NIST Cyber Security Framework (CSF)
      o FedRAMP
      o HiTRUST
      o ISO 27001
      o CIS Controls

  • Experience building a minimum of 5 security test plans that cover the tools, methods, and techniques for validating one or more security control sets defined above. 
  • Proficiency assessing NIST 800-53 controls for implementation status across a complex network with multiple technology types: network devices, virtual machines, custom software, and cloud services.
  • Proficiency defining a shared security model across various IaaS, PaaS, and SaaS services (host vs. tenant responsibilities).
  • Minimum of 4 years’ experience assessing the entire system-development lifecycle for security control compliance (preferably for cloud-hosted applications).

Desired Skills, Proficiency, and Experience:

  • FedRAMP process expertise and past FedRAMP Program Management Office (PMO) collaboration. 
  • Experience performing ISO 27001 security assessments and consultation. 
  • Ability to identify the security services and secure configuration settings required to operate a fully cloud-hosted MS Azure data environment (e.g., Active Directory, Sentinel, Qualys, Log Analytics, Defender for Endpoint). 
  • Experience performing DoD Risk Management Framework (RMF) with full security control implementation, including all technical controls. 
  • Experience with DevOps and methods for integrating security within the DevOps process. 

Success Factors:

A successful candidate will be a self-motivated security professional who is not afraid of being “hands-on” with clients looking to remediate open vulnerabilities, but aspires to transition into a director-level management role as the team grows. The candidate must be passionate about exploring new cloud security tools, working with new technology, and exploring industry best practices for security compliance to better deliver advice and credible recommendations to a growing company and our valued clients.


Is this the right role for you?

Let's jump on a call and talk more about the job, your career goals, and our growth plan!


Copyright © 2019-2022 CyberEye - All Rights Reserved.
