Cybersecurity Risk Consultant

Herndon, VA

Applications have closed

Dark Wolf Solutions

Dark Wolf Solutions operates at the nexus of mission and technology to meet our Nation's most challenging missions. We combine the most innovative emerging technologies with...

Dark Wolf Solutions is looking for a Cybersecurity Risk Consultant who will advise clients to define cybersecurity program roadmaps, assess the maturity of cybersecurity programs, quantify and report on cyber risk, define processes to govern and manage cyber risk, and transform cyber programs to take advantage of new technologies and business models. The candidate will:

  • Conduct client interviews and workshops to understand cybersecurity program maturity, determine legal/regulatory compliance status, document end-to-end business processes, and determine security enhancements.
  • Develop recommendations to remediate cybersecurity program deficiencies and improve client cybersecurity processes, technologies, and configurations.
  • Assess the design and effectiveness of existing security controls and work with solution and product development teams to identify, define, and document additional controls based on solution-specific or product-specific requirements.
  • Support development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks.
  • Perform cybersecurity gap analyses between client implementations and requirements articulated in cybersecurity frameworks and best practices.
  • Define and document cybersecurity Key Risk Indicators (KRIs) / Key Performance Indicators (KPIs)
  • In some circumstances, create artifacts to support making accreditation decisions to include System Security Plans (SSPs), control matrices, security assessment reports, and Plans of Action & Milestones (POA&Ms).
  • Work as part of a larger Cybersecurity Team and may support multiple programs at one time.
  • Support the design and implementation of third-party cybersecurity risk governance and operating models
  • Build policies, standards, procedures, and controls to enable the confidentiality, integrity, and availability of both on-premises and cloud-hosted applications and infrastructure

Required Qualifications: 

  • A bachelor’s degree in information security or related discipline
  • 4+ years of experience in consulting, information security, or a related field
  • Advanced writing skills: able to clearly articulate ideas for executive level consumption
  • Advanced problem-solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
  • Advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions
  • U.S. Citizenship and clearable to a Secret clearance or higher
  • Must be willing to travel at least 20%

Desired Qualifications: 

  • Experience defining, documenting, and implementing cybersecurity risk management governance models and risk and control structures.
  • Understanding of general security concepts and methods (e.g., cybersecurity strategy and transformation, cybersecurity risk management, cybersecurity architecture, cloud security, emerging technologies, and third-party risk management)
  • Experience and familiarity with industry-standard cybersecurity control frameworks (e.g., NIST CSF, NIST SP 800-53, FSSCP)
  • The following certifications are desired: CEH, Security+, CISSP, CISM, CISA, CRISC
  • Prior experience working as a cyber security practitioner and/or cyber risk practitioner for a public accounting firm or professional services firm
  • Experience and ability to manage multiple concurrent engagement teams and projects
  • Experience with business development and proposal activities

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

Tags: CEH CISA CISM CISSP Clearance Cloud Compliance CRISC Governance KPIs NIST Risk management Security assessment Security Assessment Report Strategy System Security Plan

Region: North America
Country: United States
Category: Consulting Jobs
