HM Note: This hybrid role allows the candidate to work remotely, and the candidate needs to go to the office when required.
Experience required:
- 7+ years of robust experience in a hands-on security role, supporting incident response, threat intelligence, secure architecture, and other security assurance activities.
- In-depth knowledge and experience with industry standards and security frameworks such as NIST 800-53, ISO/IEC 27001, CIS, etc.
- Knowledge and experience working with SOC Audit reports, including SOC 2 Type 2.
- Extensive knowledge in cyber risk management frameworks, conducting threat risk assessments, and recommending mitigations to reduce or eliminate identified risks.
- Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, cloud security, encryption, defense-in-depth, auditing, authentication, and risk management, and a track record of driving security solutions.
- Strong understanding of Cyber Kill Chain, MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Indicators of Compromise (IOCs).
- Experience in developing and deploying security training and awareness campaigns across organizations.
- Strong interpersonal capabilities to effectively liaise with stakeholders ranging from technical teams to senior executives within the organization. Adeptness in understanding, managing, and aligning stakeholder expectations.
- Demonstrated experience in developing and maintaining comprehensive documentation. Strong technical and business writing capabilities.
- Agile responsiveness to evolving project dynamics, and the ability to pivot strategies based on emerging challenges or changes in project requirements.
- Solid experience in fostering and managing relationships with external vendors and ensuring optimal service levels and performance benchmarks are met.
- Exceptional written and oral communication skills, proficient in translating intricate technical details into clear, comprehensible insights for stakeholders irrespective of their technical aptitude.
Deliverables
The Senior Cyber Security Specialist is expected to play a pivotal role in the successful execution of a robust cyber security program. Their responsibilities and expectations encompass the following:
- Support the development of a comprehensive cybersecurity program tailored to the organization's specific needs, risk profile, and regulatory requirements.
- Create and maintain cybersecurity policies, procedures, and guidelines that align with industry best practices and standards.
- Conduct regular risk assessments to identify vulnerabilities and threats, and establish risk mitigation strategies and incident response plans.
- Ensure that the organization complies with all relevant cybersecurity regulations and standards.
- Support the development and delivery of cybersecurity training and awareness programs to educate employees on best practices.
- Establish and manage an effective incident response plan, including incident detection, containment, recovery, and post-incident analysis.
- Research and recommend cybersecurity tools, technologies, and solutions to enhance the security posture of the organization.
- Oversee third-party vendors and service providers to ensure their security measures align with the organization's standards.
- Coordinate and conduct regular security audits and assessments to evaluate the effectiveness of the cybersecurity program.
- Generate regular reports and documentation on the cybersecurity program's status, risks, and compliance.
- Define, evaluate, and assess security architecture requirements for system environments and IT projects.
- Ensure the incorporation of IT security and contingency measures in the development of systems.
- Support security projects and tasks within the agency as assigned.
Desirable Qualifications:
- Educational Background: A bachelor's degree in Information Technology, Computer Science, or related disciplines.
- Relevant professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Systems Security Certified Practitioner (SSCP), CompTIA Security+, GIAC Certifications.
Must Haves:
- This is a new security modernization project from OPS. Resource will be reviewing vendor security.
- Resource will need to have experience reviewing SOC 2 Type 2 documentation and writing recommendations for enhancements based on the report findings.
- Strong preference for a resource with any one of these relevant certifications:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Cloud Security Professional (CCSP)
  - Systems Security Certified Practitioner (SSCP)
  - CompTIA Security+
  - GIAC Certifications