Direct Hire | Consulting | Lehi, UT | Apply Now
The Cyber Security Manager is responsible for managing and performing engagements related to a variety of technical assessments. Managers must have deep subject matter expertise, the ability to interface directly with clients to lead successful and positive engagements, and the capacity to manage and mentor teams of junior resources.
The Cyber Security Manager is an integral part of delivery team and is responsible for reviewing draft deliverables, building relationships with client contacts, and providing technical guidance and consulting during engagements. Because much of the work takes place on-site at client locations, frequent travel will be required.
RESPONSIBILITIES:
- Managing and performing technology control assessments in a wide variety of business environments, including:
- Payment Card Industry (PCI) Data Security Standard (DSS) Compliance
- Information Technology Operational and Cyber Security Assessments in accordance with industry frameworks, such as COBIT 5, ISO 27001, ISO 27005, and NIST SP 800-30/Cybersecurity Framework
- HIPAA Security Rule and HITECH Act Compliance
- Cloud Security Compliance
- Assisting clients with the performance of Business Impact Analyses (BIAs) along with development of business continuity and disaster recovery plans (BCPs and DRPs)
- Managing and performing Service Organization Control Examinations in accordance with AICPA requirements (SOC 1 SSAE 16, SOC 2 AT 101, SOC 3 AT 101)
- Providing data classification services
- Developing information technology and security policies and procedures
- Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall security posture
- Preparing and reviewing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
- Managing staff in the completion of engagements on time with limited necessary revision
- Maintaining an up-to-date technical acumen
- Leading client meetings and presenting at networking events (e.g. (ISC)2, ISACA, IAPP)
- Assisting with business development activities, as a subject matter expert, including proposal development and sales calls
- Preparing proposals and statements of work for future engagements
- Assisting in the growth of the team by identification of resources
SUPERVISORY RESPONSIBILITIES:
- Managing teams of consultants and senior consultants in client engagements.
EXPERIENCE:
- 4+ years of relevant experience in the field(s) of IT Audit, Consulting, and/or Security, Privacy or Risk Management.
GENERAL SKILLS:
- Understanding of or experience with industry and regulatory standards, including PCI, NIST SP 800-30, ISO 27000 series, HIPAA Security Rule and HITECH Act, and information security requirements of Generally Accepted Privacy Principles (GAPP)
- Working knowledge of network, system, database, and application-level security
- Advanced written and verbal communication skills
- Strong interpersonal skills and the ability to foster close professional relationships with clients
- Strong project management skills and the ability to manage multiple projects and teams in parallel
- Strong analytical skills and the ability to understand complex client business processes
- An understanding of the importance of business ethics
- Qualities such as professionalism, attention to detail, strong organizational skills, team-focus, dedication, resourcefulness, and an eagerness to learn
- Strong proficiency with Microsoft Windows, Mac OS X, and the Microsoft Office suite of products, (i.e. Word, Excel, Visio, PowerPoint)
TECHNICAL SKILLS:
- IT governance, operations, and resource planning
- Information system architecture and security controls, including:
- Firewalls and routers
- Intrusion detection and prevention systems
- Operating systems (e.g., Windows, Linux, Unix, iSeries)
- Remote access systems
- Applications
- Databases (e.g., SQL, Oracle, DB2)
- Symmetric and asymmetric cryptography
- Systems Development Life Cycle (SDLC) and change management
- Information system implementation processes
- Systems administration and computer operations
- Threat and vulnerability management
- Incident response preparation and management
- Data backup and recovery practices
- Logical access controls (e.g., Active Directory)
- Physical and environmental security controls
EDUCATION:
- Bachelor’s degree in Management Information Systems, Computer Information Systems, Computer Science, or a related field;
- Obtained or working towards Certified Information Systems Security Professional (CISSP) certification. (Candidates that do not yet possess the CISSP will be required to obtain the certification after hire.)
- CISA, CIPP, CISM, PCI-QSA, or related certifications are a plus.
TRAVEL REQUIRED: Up to 50%.
Apply Now
