Cybersecurity Consultant

Job Description

Ingalls Information Security is looking for a Cybersecurity Consultant who is self-motivated and can work both independently and in a close team environment.

The Cybersecurity Consultant is responsible for acting as a cybersecurity subject matter expert (SME) assisting clients and potential clients with identifying tailored solutions to fit their information assurance needs. This includes performing assessments of networks, systems, applications, policies, and operating procedures, in accordance with established risk management standards, to determine the effectiveness of security controls to properly safeguard the Information Technology infrastructure and information assets.

The Consultant will recognize security control gaps, identify opportunities for improvements, and provide clients with recommendations to reduce risk to the organization and mitigate loss potential.

The Consultant should be familiar with information pertaining to Federal laws, the National Institute of Standards and Technology (NIST) information technology concepts, practices, standards, and procedures; industry best practices; and industry frameworks such as SOC 2, CIS, ISO 27001, COSO, and COBIT.

The following are representative, but not all-inclusive, of the knowledge, skills, and abilities required to lead in this role.

Duties and Responsibilities

• Perform Risk Assessments (utilizing well-known frameworks such as NIST CSF, NIST RMF, CIS RAM, ISO27001)
• Provide Security Control Implementation (NIST 800-53, NIST 800-171, CIS 18)
• Perform Gap Analyses (based on compliance frameworks such as AICPA SOC 2, HIPAA, PCI-DSS, FFIEC)
• Develop Simulated Phishing Testing Campaigns
• Develop and Implement Security Awareness Training Programs
• Act as Virtual Chief Information Security Officer to Clients
• Perform Business Impact Analyses (BIA)
• Facilitate Incident Response & Business Continuity Tabletop Exercises
• Review, Develop, and Implement Cybersecurity Risk Management Programs
• Review, Develop, and Implement Vendor/Third Party Risk Management Programs
• Review & Develop Policies (Information Security, Business Continuity, Disaster Recovery, Incident Response, Vulnerability Lifecycle Management, Physical Security, etc.)
• Communicate Assessment Results with Management and Executives
• Analyze Conditions and Offer Recommendations on Best Practice
• Establish and Maintain Strong Client Relationships
• Assist with further developing our next generation service offerings and the infrastructure required to facilitate these offerings (proposals, client facing materials, work programs, templates)

Qualifications

• Bachelors Degree in Business, Accounting, Cybersecurity, Information Technology, Computer Science, Computer Information Systems, or a related discipline preferred
• Experience working as an IT Auditor or Cybersecurity Consultant
• Advanced understanding in the areas of Information Assurance, Risk Management, Information Security, IT Audits, Compliance, Internal Control Frameworks, and Risk Assessments
• CISSP, CISA, CISM, or comparable IT Security certification preferred
• Demonstrated ability to prioritize while simultaneously managing multiple projects, often under tight deadlines
• Business-fluent written and spoken English language skills

Other Requirements

• Excellent written and verbal communications skills
• Proven commitment to providing exceptional client service
• Effective time management and organizational skills
• Team player with strong interpersonal communication
• Self-starter with a strong work ethic
• Able to perform work which requires attention to detail, analytical ability, and organization
• Skilled at using Microsoft Excel, Word, PowerPoint, Access, and Visio
• Must be willing and able to travel domestically
• Able to furnish a writing sample and transcripts upon request
• Strong attention to detail

Additional Information

This position can be remote and regionally based depending on market and opportunities. Office setting, travel that requires computer usage, customer interface, network building through professional communication.

All your information will be kept confidential according to EEO guidelines.