Manager, Cyber Assessment (Security Assessor - SRM) - Remote

Overview

Remote
Depends on Experience
Contract - W2
Contract - 12 Month(s)
No Travel Required

Skills

NIST 800-53
Risk assessment
NIST SP 800 Series
IT security

Job Details

Years of Experience: 5-8 years
Type of Experience: Experience performing cyber security risk assessments and control reviews based on control frameworks such as NIST 800-53, NIST 800-171, FedRAMP, or CMMC; experience conducting active and passive assessments.

Job Summary
This role performs information security risk assessments of technology-enabled projects, advises project teams on compensating control alternatives, and acts as the primary point of contact between IT project teams and Cyber Security groups. This role also functions as a subject matter expert in several cyber security domains and may oversee work product(s) and lead small projects.

Principal Responsibilities
Apply a thorough understanding of information security to perform information security risk assessments of technology-enabled projects against industry-standard or firm-specific control frameworks. Activities may include a variety of techniques, including vendor reviews, security requirement definition, facilitation of security testing, and management of residual risk. Assessment methodologies may include a combination of active and passive testing approaches, including penetration testing.
Advise and guide project teams regarding compensating control alternatives where security requirements cannot be met.
Act as the primary point of contact between IT project teams and Cyber Security groups to help ensure that appropriate security resources are scheduled and that security-related project objectives and timelines are met. Review evidence provided to close corrective action plans, ensuring that it meets the control objectives.
Perform assessment tests and provide information and recommendations; assessment techniques may include control and evidence review, penetration testing, or scanning platforms.
Stay abreast of the latest security assessment trends, tools, and techniques.
Collect evidence as needed to support security reviews and ensure evidence is properly maintained.
Execute vendor security assessments. Activities include evaluation of vendor controls and practices, process enhancements, performing on-site assessments, reviewing security test reports, and analyzing and developing security requirements.
Communicate and track remediation plans with vendors and IT teams and, where applicable, recommend mitigating/compensating controls.
Liaise with IT and other representatives of assigned business functions to ensure that project pipelines are understood and that project priorities are reflected in IT Risk & Security's resource planning.
Function as a subject matter expert in several IT security domains including but not limited to access control, cryptography, and monitoring
May oversee work product(s) and lead entire small projects, managing deadlines and expectations, often contributing to staffing decisions, and supervising the work performed by more junior staff; provide coaching, mentoring and feedback to such individuals and also serve as a formal performance manager of a team of junior employees.

Qualifications
CISSP or CISA preferred; CEH, GPEN, OSCP or OSCE certifications are a plus
Familiarity with NIST 800-53, NIST 800-171, NIST 800-66, CMMC, NIST Framework, ISO, HITRUST, PCI, and/or other relevant control frameworks
Demonstrated experience with and understanding of security principles, IT security controls and related technologies and products
Solid foundation in cloud network security concepts and hands-on experience with penetration testing in the cloud; deep knowledge and solid understanding of network security and network penetration testing
Experience working with scanning tools such as Qualys, Nessus, Metasploit and Burp as well as knowledge of common and emerging security risks
Strong verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork. Ability to positively influence, mentor and be a credible source of knowledge to less experienced team members.

About eSolutionsFirst, LLC