Cyber Security Manager - AAC3+2

YOUR ROLE.

Responsibilities include but not limited to:

- Assess technology, cybersecurity, and privacy risks within client environments and the related controls and provide practical remediation plans
- Conclude on the business impact to the organization as it relates to identified cybersecurity, technology, and/or privacy risks
- Manage multiple engagements while maintaining company quality standards
- Work with clients in a broad array of industries including information technology, financial services, retail consumer products, pharmaceuticals, electronics, manufacturing, media, and government contracting etc.
- Understand clients’ organizations and provide value-added solutions and best practices
- Proactively manage client issues and expectations. Understand and appreciate the firm’s model of balancing client needs with profitability
- Review and evaluate client IT environment including IT systems, processes, and controls to ensure compliance with prevailing regulatory laws and requirements
- Work with clients to test for compliance with various prevailing regulatory laws, requirements, and standards including but not limited to Sarbanes-Oxley Act of 2002, NYDFS, GDPR, CCPA, PCI DSS, ISO 27001, HIPAA, CMMC, etc.
- Ensure engagement reporting observations and recommendations are based on a complete understanding of the process, circumstances, and risk
- Prepare formal written reports providing recommendations for management to strengthen and improve operations in addition to identifying cost or efficiency savings
- Identify areas for risk transformation and automation to assist clients with reducing the cost of compliance
- Act as a professional mentor and coach to junior team members, participating in the performance management cycle
- Participate in business development activities such as professional networking, proposal development, etc.

YOUR EXPERIENCE.

The successful candidate will have:

- A minimum of seven (7) years of experience with the following:
- Working knowledge of Cloud Security Framework, General Data Protection Requirement (GDPR), COBIT 5, PCI DSS, ISO 27001/2, HIPAA, California Consumer Protection Act (CCPA), NIST 800-171/800-53/NIST 800-37 required
- Background and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imaging
- Proficient understanding of Cloud security, Identity and Access Management, ERP, Operating Systems,
- Databases, and Network Infrastructure components
- Knowledge of risks and controls in emerging technologies based on Blockchain, Internet of Things (IoT), and Artificial Intelligence is a plus
- Experience managing simple and complex information technology internal audits Experience managing team of various sizes across geographical boundaries
- Exceptional oral and written communication skills
- Demonstrated ability to manage client engagements and supervise staff
- Bachelor’s Degree required, Master’s Degree preferred
- CISA, CISSP, CCSK, CIPP, or CRISC required Read more