Lead Cybersecurity Consultant

EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. Category Professional Services Description Overview Seeking an opportunity to build amazing client relationships and solve mission critical, strategic problems? We are ROCIMG, a consulting firm serving the federal government and commercial clients with a focus on strategy, transformation, program management, technology and cybersecurity. We are a rising company with rich client experiences and great references. We develop enduring partnerships with our clients to resolve complex, mission-critical challenges, and help them to accomplish their strategic and operational goals. We have a vision for becoming our customers preferred adviser and provider of digital transformation, business, technology and cybersecurity services. As we continue to grow our business, we are looking for a Lead Cybersecurity Consultant to join our delivery team. As the Lead Cybersecurity Consultant on our team, you'll use your experience to work with diverse organizations to discover their cyber risks, understand applicable policies, and formulate mitigation plans. You'll develop practice guides, and review technical, environmental, and personnel details from organizations to assess the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, white papers, and milestones. You'll work with your client to translate security concepts, so they can make the best decisions to secure their environment. This is your opportunity to act as an information security subject matter expert while broadening your skills in various emerging concepts and technologies. Join us as we help advance our client's security posture. Position Requirements Responsibilities Review existing documentation of IT controls, business processes, policies, procedures, and management reports for effectiveness and sustainability Review, document, evaluate, and test manual and automated computer controls Conduct risk assessments on business and operational processes, procedures, and policies Interpret assessment results and make conclusions on the adequacy and reliability of controls; develop recommendations to remediate gaps; prepare and present reports as necessary Advise clients on cybersecurity matters and how to address and mitigate risks Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management Prioritize control projects based on severity of risk and non-compliance Lead and support governance, risk and compliance related projects, e.g., policy development Support marketing, sales, business development and proposal activities Support recruiting, mentoring, team building and other internal operations tasks to strengthen and grow the practice Formal Education & Certification Minimum Bachelor's degree in Cybersecurity or technology related degree Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations preferred Knowledge & Experience 5 years of experience with security program assessments, risk assessments, compliance assessments, and mitigation planning Strong familiarity with cybersecurity governance and controls frameworks, such as NIST CSF, NIST 800-53, CMMC, and ISO 27000 Familiarity with SOX compliance requirements Ability to carry out assessment interviews, documentation review, and perform analysis across diverse levels of key stakeholders Ability to develop policies, procedures, and other documentation Solid experience in testing, evaluating, and documenting controls for compliance Strong project management skills Expertise with flowcharting software tools (e.g., Visio) Hands-on experience building reports, tools and presentations with Microsoft Word, Excel, and PowerPoint Ability to develop strategy and materials to present to client stakeholders and leadership Can adapt to shifting priorities, demands, and timelines through analytical and problem solving capabilities Ability to manage and collaborate with multidisciplinary teams Reacts to project adjustments and alterations promptly and efficiently Adept at conducting research into project-related issues and products Ability to effectively prioritize and execute tasks in a high-pressure environment is crucial Excellent verbal, interview, and diplomacy skills Excellent written and oral communication skills Preferred Experience with cybersecurity strategy development, policy development, control design, control implementation, control management, audit and compliance Knowledge of threat modeling, kill chain analysis, risk optimization principles Knowledge of system administration, network, and operating system hardening techniques Knowledge of system life cycle management principles, including software security and usability Project management experience Location Gaithersburg, MD; Hybrid This is a consulting role and so on site work may be required in the DC-Baltimore Metropolitan region Additional Requirements Education and certifications will be verified for this position This position requires successful completion of a background check and employment verification US citizenship is required for suitability investigation Benefits Medical, Rx, Dental & Vision Insurance Company Paid Time Off and Paid Holidays 401(k) Retirement Plan Skills Development & Certifications Employee Referral Program Full-Time/Part-Time Full-Time Salary Salary Range: $115K - $125K, bonus Final salary is determined by factors including, but not limited to, relevant work experience, skills and competencies that align to the specified role, geographic location, education and certifications. Exempt/Non-Exempt Exempt Location Gaithersburg About the Organization ROCIMG is focused on being the best idea development, implementation, and management consulting firm that partners with our clients to deliver their preferred future, through the efforts of excellent people while growing the economy. We develop enduring partnerships with our clients to successfully navigate and resolve complex, mission-critical challenges, and deliver results that accomplish their strategic and operational goals. This position is currently accepting applications.