Virtual CISO

Recruiter
DOT Security
Location
Illinois
Salary
Competitive
Posted
29 Sep 2024
Closes
27 Oct 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time

DOT Security leverages expert personnel, efficient processes, & effective technology to improve client cybersecurity through outstanding detection, response, risk management, & compliance services. DOT continuously improves internal processes & technology to enhance provided services & yield increased client resilience against cyberattacks.

DOT is seeking to fill the role of Virtual Chief Information Security Officer (vCISO). A Virtual Chief Information Security Officer (vCISO) acts as the client liaison for Managed Security services. The vCISO coordinates with the SOC team, client executive leadership, & client IT support to ensure excellent services are delivered.

The vCISO is not a remote position. The vCISO is required to be on–site at the DOT Security– Security Operations Center.

Responsibilities
  • Advise clients on cyber risk & appropriate security training for intended audiences
  • Align client cybersecurity strategy with information technology (IT) & business goals
  • Analyze & provide feedback on cybersecurity policies, procedures, & plans
  • Assess the effectiveness of client cybersecurity measures & controls
  • Compile & maintain Risk Registers with comments & next–touch dates to drive progress
  • Develop and deliver reports to inform client decision makers about cyber risk
  • Establish & maintain communication channels with client IT & executive stakeholders
  • Monitor & report client–level telemetry status, coverage, & performance
  • Share meaningful insights about client risks to improve risk comprehension
  • Track client maturity against CIS Control groups over time
  • Act with a sense of urgency, identify alternatives, & set realistic timeframes for resolution
  • Complete work based on priority, follow through as promised, & set expectations
  • Contribute to & perform both new & pre–existing plans, instructions, & procedures
  • Demonstrate active listening & critical thinking skills & comprehend received information
  • Interpret & understand complex & evolving concepts in a dynamic, fast–paced environment
  • Maintain awareness of technology advancements & their cybersecurity implications
  • Understand & present technical concepts to non–technical audiences
  • Provide exceptional customer service & remain calm under pressure
  • Resolve problems in early stages & ticket labor, notes, & details in a ticketing system
Things We Are Looking For
  • Feedback interpretation for process, product, & service improvement
  • Policy, process, & procedure writing & review concepts
  • Risk assessment methodologies & management processes (scoring, mitigation)
  • Supply chain risk management standards, processes, & practices
  • Ability to work independently & as part of a team
  • Adaptability to situations in which data is incomplete or where no precedent exists
  • Assets (applications/data/devices/networks/users) & related cybersecurity concepts (monitoring/hardening)
  • Communicate & collaborate in a clear, professional, & concise manner using technology, tools, & workspaces
  • Critical thinking, customer service skills, & passion for cybersecurity
  • Documenting & communicating complex technical concepts, incidents, problems, & events
  • Preparation & delivery of reports, plans, & briefings using presentation technology
  • System administration and cybersecurity theories, concepts, & methods
  • System resiliency, redundancy, data backup, recovery, business continuity, & disaster recovery concepts
  • Ethical hacking principles & the ability to work ethically & with integrity

Other Desired Attributes

  • Public Trust background check (Limited Requirement)
  • Relevant work experience in managed services industry
  • Cyber community participation (conferences/groups/tool authoring/CTFs)
  • Familiarity with at least one scripting language (Perl/Python/PowerShell)
  • Understanding of CIS Controls, NIST CSF, MITRE ATT&CK, and OWASP
  • Certifications including CISSP, CISM