Computer Consultants International, Inc. (CCI)
Virtual Chief Information Security Officer (ONSITE)
Computer Consultants International, Inc. (CCI), Columbia, Maryland, United States, 21046
SCOPE OF WORK
The vCISO shall provide expert virtual cybersecurity services up to twenty (20) hours a week during normal business hours except in the event of a security incident or breach. HCC seeks a fresh perspective on its security measures and protocols to not only improve its posture, but also to identify new risks and opportunities. The vCISO will also be responsible for leading HCC’s efforts to address the nine (9) elements of the Gramm-Leach-Bliley Act (GLBA) for compliance purposes.
Perform a detailed cyber risk assessment that includes, but is not limited to, the following:
Identifying, estimating, and prioritizing information and cybersecurity risks at the college;
Examining HCC's current technology, security controls, policies, and procedures to assess potential threats or attacks;
Evaluating HCC's threat landscape, vulnerabilities, and cyber gaps that pose a risk to its assets.
Act as HCC’s Qualified Individual (QI) to present quarterly reports to the HCC Board of Trustees and leadership as required and specified by GLBA.
Develop an information security program using a framework such as National Institute of Standards and Technology (NIST) 800-53, Center for Internet Security (CIS) Critical Security Controls, or CIS Implementation Group 1 (IG1) that protects HCC in accordance with GLBA security requirements.
Provide information security leadership, communication, investigation, mitigation, containment and post-incident analysis in the event of a cyber incident.
Update and enhance existing cybersecurity policies and procedures as required by GLBA. The policies include, but are not limited to:
Vulnerability management
Data management
Incident response
Software management
Hardware asset management
Provide guidance when analyzing real-time threat analysis identified by HCC’s security operations center.
Perform third-party and partner evaluations using the Higher Education Community Vendor Assessment Toolkit (HECVAT).
Develop and implement the strategy to conduct regular security audits and assessments to identify vulnerabilities and ensure compliance with security policies.
Write a clear and concise incident response plan that meets industry standards.
Participate in meetings as needed (e.g., weekly, monthly, quarterly, ad hoc). Under normal circumstances, in-person meetings are not required. In the event of an incident or breach, an in-person meeting may be required.
CYBERSECURITY INCIDENT OR BREACH
In the event of a cybersecurity incident or breach, the vCISO will:
Notify HCC by telephone within twenty-four (24) hours of the discovery of an incident or breach, in accordance with the agreed-upon incident response plan, unless a shorter notice time is required by law.
Implement the incident response plan, ensuring that all relevant teams are mobilized and aware of their roles and responsibilities.
Oversee the initial assessment to understand the scope and impact of the incident or breach.
Coordinate with internal stakeholders, including senior management and the board of directors, to keep them informed about the incident or breach and the steps being taken to address it.
Lead the investigation to determine the cause of the incident or breach, how it occurred, and what data or systems were affected.
Oversee the remediation efforts to fix vulnerabilities and restore affected systems.
Ensure that all actions taken during the incident or breach response are thoroughly documented.
Conduct a post-incident review to evaluate the response and identify lessons learned.
Provide a full written report of the incident, the nature of the breach, the compromised information, and the corrective actions taken to prevent future incidents or breaches.
All devices and equipment necessary to perform duties under this contract will be provided by HCC.
QUALIFICATION REQUIREMENTS
EDUCATION
At a minimum, the Contractor must possess a bachelor’s degree in cybersecurity, computer science, information technology, or a related field from an accredited higher education institution in the United States. A master’s degree is preferred.
EXPERIENCE
IT Security: The Contractor must possess at least 7-10 years of experience in IT security-related roles such as security analyst, network administrator, or similar positions.
Leadership: The Contractor must possess experience in management or leadership roles as CISOs need to lead teams and make strategic decisions.
CERTIFICATION(S)
The Contractor must possess at least one of the following related certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
KNOWLEDGE & SKILLS
Technical Skills: Demonstrates a deep understanding of information security principles, practices, and technologies.
Leadership and Communication: Possesses strong leadership, communication, and strategic planning skills.
Compliance and Risk Management: Possesses knowledge of regulatory requirements and risk management practices.
CONTINUING EDUCATION
With the cybersecurity industry constantly evolving, the Contractor shall remain up to date on the latest trends and threats and prioritize continuing education.
Job Types: Contract, Temporary
Pay: $60.00 - $65.00 per hour
Benefits:
Health insurance
Schedule:
Monday to Friday
Work Location: In person