Cyber Risk Advisor

Sourcepass
Summary
Join Sourcepass, a leading IT consulting company, as a Cyber Risk Advisor. You will play a critical role in managing and mitigating cyber risks for multiple clients, collaborating with stakeholders and internal teams. Responsibilities include conducting risk assessments, providing consultations, implementing new services, and developing cybersecurity policies. This position requires expertise in various cybersecurity frameworks and certifications, along with strong communication and project management skills. A Bachelor's degree in a related field or substantial relevant experience is preferred. The salary is $90,000+ (negotiable based on experience). Sourcepass is an award-winning company with a strong commitment to its employees and clients.
Requirements
- Bachelor's Degree in information security, cybersecurity, computer science, or a related field is preferred. In lieu of a degree, substantial relevant experience in cybersecurity and compliance will be considered
- Cybersecurity Framework Expertise: Deep understanding and expert-level knowledge of compliance and regulatory frameworks including but not limited to:
- NIST SP 800-53: Extensive experience in applying the security and privacy controls for federal information systems and organizations
- NIST SP 800-171: Expertise in protecting controlled unclassified information in non-federal systems and organizations
- Cybersecurity Maturity Model Certification (CMMC): Proficiency in the implementation of required cybersecurity practices and processes to achieve compliance with the Department of Defense's CMMC standards
- International Traffic in Arms Regulations (ITAR): Knowledge of ITAR compliance and the secure management of defense-related articles and services
- ISO 27001: In-depth experience in establishing, implementing, maintaining, and continually improving an information security management system (ISMS)
- SOC 2: Strong familiarity with the SOC 2 framework, specifically in managing and auditing the controls relevant to security, availability, processing integrity, confidentiality, or privacy of a system
- Technical Proficiency: Skilled in using major cybersecurity tools and technologies, with a strong capability in: risk assessment tools and methodologies; performing risk assessments and managing risk registers; conducting compliance audits and managing remediation plans; data protection and encryption technologies; utilizing GRC software tools to streamline compliance and risk management processes; vulnerability management software
- Communication Skills: Excellent verbal and written communication skills are essential for effectively articulating technical and risk-related information to a variety of audiences, including non-technical stakeholders
- Project Management: Demonstrated ability to manage multiple projects simultaneously, prioritize tasks effectively, and work collaboratively across diverse teams to meet deadlines and objectives
Responsibilities
- Collaborate with stakeholders to ensure the security, confidentiality, privacy, integrity, and availability of data
- Conduct comprehensive annual risk assessments and provide ongoing risk management consultations for clients
- Act as a subject matter expert on risk exposure and mitigation strategies, fielding specific analysis requests and advising on best practices
- Support the implementation of new products and services, ensuring alignment with organizational security standards and best practices
- Contribute to the development and refinement of cybersecurity policies and procedures, enhancing organizational and client cybersecurity frameworks
- Engage in continuous professional development to maintain and advance knowledge of industry standards and regulatory requirements
- Required to attend monthly office meetings if located within 30 miles of a Sourcepass office
Preferred Qualifications
Professional Certifications: Possession of industry-recognized certifications is highly desirable, which could include: CompTIA Security+, Certified Ethical Hacker (CEH), Cybersecurity Analyst (CySA+), Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP)
