Manager, Cybersecurity Controls Job at Vantage Point Consulting Inc. in Washingt
Vantage Point Consulting Inc., Washington, DC, United States, 20022
The Manager, Cybersecurity Controls will oversee the implementation, management, and continuous improvement of Information Security Management System (ISMS) controls based on ISO 27001 and NIST standards. This role will support client reporting and audit/assessment requirements, as well as the assessment, remediation and reporting of cyber risk, identifying the appropriate controls and protocols to reduce or manage IT risk.
In this capacity, the Manager, Cybersecurity Controls will:
Demonstrate fluency with ISO 27002:2022 controls;
Support ISO 27001 efforts by evaluating (i.e., assessing or auditing), recommending, developing, coordinating, monitoring and maintaining cyber security policies, procedures, processes, standards,guidelines and controls library;
Manage or support the enforcement of the InfoSec policy, procedure and process portfolio, including standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements and make recommendations for improvement;
Lead the remediation efforts associated with gaps in the information security program based on ISO 27001 and 27002 standards, independent assessments, regulatory and Client requirements;
Ability to explain technical threats, controls and remediation activities to both technical and non-technical stakeholders;
Oversee and support the Firm's InfoSec responses to client assessments and presentations;
Operationalize guidelines and roadmaps into actionable project plans, as well as manage multiple workstreams across matrixed teams;
Implement and socialize security related standards, procedures, processes and guidelines, as well as enforce and monitor/track adoption across stakeholder groups;
Provide stakeholder guidance regarding the development of and provides quality assurance reviews to procedure, process, standards and guidelines deliverables to validate alignment to Firm and Client requirements;
Assist with the creation and maintenance of the Cyber risk register and associated remediation activities; and
Handles additional related projects as assigned.
In addition the Manager, Cybersecurity Controls will be expected to have:
Understanding of operational risks as related to technology solutions;
Awareness of additional information security standards (CSF, NIST, ISO), as well as the emerging cyber threat landscape;
Technical understanding of security auditing and assessment practices, applications, platforms and architectures;
Ability to develop and maintain a solid working relationship across multiple stakeholder groups; and
Strong analytical skills.
Proficiencies:
CISA, CISM, GSEC, CISSP or other security-related certification preferred;
Strong understanding of information security concepts and technologies;
Strong understanding of industry control frameworks, risk management concepts, frameworks, and methodologies;
Client facing experience (e.g., consulting);
Fundamental knowledge of the operation of law practices; and
Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
Qualifications:
Bachelor degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits); and
At least seven (7+) years of combined information technology and information security experience (preferred).