Risk Management Services Manager

CyberClan
Canada
$115K-$140K / year (estimated)
Full-time

The Risk Management Services Manager identifies industry standards and regulatory guidelines for information security in order to minimize the risk of compromise of sensitive business systems.

They help develop, maintain, and evaluate organizational security policies and procedures, and they work closely with engineering and operations teams to ensure systems controls meet security requirements.

This position will report to the Chief Operating Officer.

Essential Functions

  • Drive the team’s growth and development from a revenue perspective including presales, delivery of security engagements, statement of work (SOW), vCISO and account management.
  • Build resource management plan for Risk Management Services team
  • Routinely review tools and technologies that will enhance teams’ ability to deliver services in a cost-effective manner
  • Assist in the building of necessary scoping documents to size customer engagements
  • Work closely with Client Success Managers in client engagement
  • Present at a conference or participate on a panel (in person or virtually) no less than 5 times in a calendar year
  • Provide input as needed towards corporate messaging and marketing
  • Work with Sales team as needed to provide input and assist in closing deals where necessary
  • Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.
  • Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.
  • Monitoring internal control effectiveness.
  • Conducting internal security assessments to ensure continued compliance.
  • Explaining roles in managing risk to partners and getting buy-in to improve the organizational risk posture.
  • Reviewing, implementing, updating, and documenting information security policies and procedures.
  • Advising Risk Management and Cybersecurity Office leadership regarding cybersecurity status.
  • Managing security audits, vulnerability and threat assessments, and direct responses to network or system intrusions.
  • Ensuring fulfillment of information security mandates, including providing leadership with compliance reports and audit findings.
  • Keeping abreast of industry security trends and developments, as well as applicable government regulations.
  • Researching, evaluating, and recommending new security tools, techniques, and technologies and introducing them to the enterprise in alignment with IT security strategy.
  • Creating and executing strategies to improve the reliability and security of IT projects.
  • Responding immediately to security-related incidents and providing a thorough post-event analysis.
  • Lead, develop and grow the penetration testing team.
  • Contribute to the establishment of new service lines.
  • Ensure that the team meets utilisation targets in line with expectation.
  • Assist and support consultants with their professional development and attainment of qualifications.

Required Skills and Experience

  • Bachelor’s degree, or higher, in computer engineering, computer science, IS or cybersecurity-related discipline, or equivalent five (5) years’ experience in information assurance or systems and network security.
  • Minimum of five (5) years leadership experience serving as an information security manager or information assurance / engineering team lead.
  • Demonstrated experience presenting briefings to senior customer management and customer stakeholders.
  • Advanced security DODD 8570 certification, e.g., CISM, CISSP, CND, CSA, Security+.
  • Demonstrated leadership experience with RMF and accreditation processes (e.g., NIST 800-53, ICD 503).
  • Demonstrated hands on experience with accreditation tools (e.g., Xacta, Nessus, AppDetective, WebInspect, Metasploit or Rapid 7, Core Impact or Cobalt Strike).
  • A cloud-based industry security certification (e.g., CCSP, Microsoft Azure Security Engineer).
  • Must have experience in Incident Response Planning and / or Table Top Exercise.
  • Experience in Threat & Risk Assessment & Privacy Impact Assessment.
  • Must be familiar with NIST, CIS Benchmark, ISO 27001 and AWS GovCloud Security.

Preferred Skills, Experience, Degrees or Certifications

  • Experience securing infrastructure solutions and applications deployed in public and / or community cloud environments.
  • Experience implementing secure DevOps methodologies.
  • Experience integrating AWS with DevSecOps teams.
  • Must be able to obtain, maintain and / or currently possess a security clearance.

Job Type

Full-time / Exempt

Location

80% Remote / 20% Travel

15 days ago