Virtual CISO
- Recruiter
- DOT Security
- Location
- Illinois
- Salary
- Competitive
- Posted
- 29 Sep 2024
- Closes
- 27 Oct 2024
- Job Type
- Chief Information Security Officer
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
DOT Security leverages expert personnel, efficient processes, & effective technology to improve client cybersecurity through outstanding detection, response, risk management, & compliance services. DOT continuously improves internal processes & technology to enhance provided services & yield increased client resilience against cyberattacks.
DOT is seeking to fill the role of Virtual Chief Information Security Officer (vCISO). A Virtual Chief Information Security Officer (vCISO) acts as the client liaison for Managed Security services. The vCISO coordinates with the SOC team, client executive leadership, & client IT support to ensure excellent services are delivered.
The vCISO is not a remote position. The vCISO is required to be on–site at the DOT Security– Security Operations Center.
Responsibilities- Advise clients on cyber risk & appropriate security training for intended audiences
- Align client cybersecurity strategy with information technology (IT) & business goals
- Analyze & provide feedback on cybersecurity policies, procedures, & plans
- Assess the effectiveness of client cybersecurity measures & controls
- Compile & maintain Risk Registers with comments & next–touch dates to drive progress
- Develop and deliver reports to inform client decision makers about cyber risk
- Establish & maintain communication channels with client IT & executive stakeholders
- Monitor & report client–level telemetry status, coverage, & performance
- Share meaningful insights about client risks to improve risk comprehension
- Track client maturity against CIS Control groups over time
- Act with a sense of urgency, identify alternatives, & set realistic timeframes for resolution
- Complete work based on priority, follow through as promised, & set expectations
- Contribute to & perform both new & pre–existing plans, instructions, & procedures
- Demonstrate active listening & critical thinking skills & comprehend received information
- Interpret & understand complex & evolving concepts in a dynamic, fast–paced environment
- Maintain awareness of technology advancements & their cybersecurity implications
- Understand & present technical concepts to non–technical audiences
- Provide exceptional customer service & remain calm under pressure
- Resolve problems in early stages & ticket labor, notes, & details in a ticketing system
- Feedback interpretation for process, product, & service improvement
- Policy, process, & procedure writing & review concepts
- Risk assessment methodologies & management processes (scoring, mitigation)
- Supply chain risk management standards, processes, & practices
- Ability to work independently & as part of a team
- Adaptability to situations in which data is incomplete or where no precedent exists
- Assets (applications/data/devices/networks/users) & related cybersecurity concepts (monitoring/hardening)
- Communicate & collaborate in a clear, professional, & concise manner using technology, tools, & workspaces
- Critical thinking, customer service skills, & passion for cybersecurity
- Documenting & communicating complex technical concepts, incidents, problems, & events
- Preparation & delivery of reports, plans, & briefings using presentation technology
- System administration and cybersecurity theories, concepts, & methods
- System resiliency, redundancy, data backup, recovery, business continuity, & disaster recovery concepts
- Ethical hacking principles & the ability to work ethically & with integrity
Other Desired Attributes
- Public Trust background check (Limited Requirement)
- Relevant work experience in managed services industry
- Cyber community participation (conferences/groups/tool authoring/CTFs)
- Familiarity with at least one scripting language (Perl/Python/PowerShell)
- Understanding of CIS Controls, NIST CSF, MITRE ATT&CK, and OWASP
- Certifications including CISSP, CISM