Risk Management Services Manager
Job details
The Risk Management Services Manager identifies industry standards and regulatory guidelines for information security in order to minimize the risk of compromise of sensitive business systems. They help develop, maintain, and evaluate organizational security policies and procedures, and they work closely with engineering and operations teams to ensure systems controls meet security requirements.
This position will report to the Chief Operating Officer.
Essential Functions
Drive the team's growth and development from a revenue perspective including presales, delivery of security engagements, statement of work (SOW), vCISO and account management.
Build a resource management plan for the Risk Management Services team.
Routinely review tools and technologies that will enhance the team's ability to deliver services in a cost-effective manner.
Assist in the building of necessary scoping documents to size customer engagements.
Work closely with Client Success Managers in client engagement.
Present at a conference or participate on a panel (in person or virtually) no less than 5 times in a calendar year.
Provide input as needed towards corporate messaging and marketing.
Work with the Sales team as needed to provide input and assist in closing deals where necessary.
Understand applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.
Develop, maintain, or audit security documentation such as policies, standards, and procedures.
Monitor internal control effectiveness.
Conduct internal security assessments to ensure continued compliance.
Explain roles in managing risk to partners and get buy-in to improve the organizational risk posture.
Review, implement, update, and document information security policies and procedures.
Advise Risk Management and Cybersecurity Office leadership regarding cybersecurity status.
Manage security audits, vulnerability and threat assessments, and direct responses to network or system intrusions.
Ensure fulfillment of information security mandates, including providing leadership with compliance reports and audit findings.
Keep abreast of industry security trends and developments, as well as applicable government regulations.
Research, evaluate, and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
Create and execute strategies to improve the reliability and security of IT projects.
Respond immediately to security-related incidents and provide a thorough post-event analysis.
Lead, develop and grow the penetration testing team.
Contribute to the establishment of new service lines.
Ensure that the team meets utilization targets in line with expectations.
Assist and support consultants with their professional development and attainment of qualifications.
Required Skills and Experience
Bachelor's degree, or higher, in computer engineering, computer science, IS or cybersecurity-related discipline, or equivalent five (5) years' experience in information assurance or systems and network security.
Minimum of five (5) years of leadership experience serving as an information security manager or information assurance/engineering team lead.
Demonstrated experience presenting briefings to senior customer management and customer stakeholders.
Advanced security DoDD 8570 certification, e.g., CISM, CISSP, CND, CSA, Security+.
Demonstrated leadership experience with RMF and accreditation processes (e.g., NIST 800-53, ICD 503).
Demonstrated hands-on experience with accreditation tools (e.g., Xacta, Nessus, AppDetective, WebInspect, Metasploit or Rapid7, Core Impact or Cobalt Strike).
A cloud-based industry security certification (e.g., CCSP, Microsoft Azure Security Engineer).
Must have experience in Incident Response Planning and/or Table Top Exercise.
Experience in Threat & Risk Assessment & Privacy Impact Assessment.
Must be familiar with NIST, CIS Benchmark, ISO 27001 and AWS GovCloud Security.
Preferred Skills, Experience, Degrees or Certifications
Experience securing infrastructure solutions and applications deployed in public and/or community cloud environments.
Experience implementing secure DevOps methodologies.
Experience integrating AWS with DevSecOps teams.
Must be able to obtain, maintain and/or currently possess a security clearance.
Job Type
Full-time/Exempt
Location
80% Remote/20% Travel