View all jobs
Cyber Security Program Lead
Boston, MAFusion HCR is hiring!
Direct Hire, Cyber Security Program Lead for an excellent client of ours! This is a hybrid position, the candidate can be based out of Dayton Ohio, Boston or Washington DC areas.
The Cyber Security Program Lead oversees information security-related initiatives and projects, focusing predominantly on cyber-compliance. Supports the firm’s ISO 27001 security effort, ensuring key requirements are met and improvements made. Leads the firm’s third-party risk management program and vulnerability management program. Ensures accurate completion of client and internal cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs). Works across groups within Information Services to implement security-related projects and procedures, confirms proper operation of security infrastructure and ensures proper incident response. Provides expertise and guidance on risk-based decisions, the integrity of security procedures, systems, and policies in the design of new applications and services. Authorized to approve new applications and services and exceptions to firm policy, in coordination with the Director, Information Security.
Supervises the Cyber Security Compliance Analyst position and leads cyber security compliance initiatives firmwide, including client and internal audits. Provides coaching and guidance to other security team members and others in regard to firm compliance programs and audits.
About The Role:
Education:
Direct Hire, Cyber Security Program Lead for an excellent client of ours! This is a hybrid position, the candidate can be based out of Dayton Ohio, Boston or Washington DC areas.
The Cyber Security Program Lead oversees information security-related initiatives and projects, focusing predominantly on cyber-compliance. Supports the firm’s ISO 27001 security effort, ensuring key requirements are met and improvements made. Leads the firm’s third-party risk management program and vulnerability management program. Ensures accurate completion of client and internal cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs). Works across groups within Information Services to implement security-related projects and procedures, confirms proper operation of security infrastructure and ensures proper incident response. Provides expertise and guidance on risk-based decisions, the integrity of security procedures, systems, and policies in the design of new applications and services. Authorized to approve new applications and services and exceptions to firm policy, in coordination with the Director, Information Security.
Supervises the Cyber Security Compliance Analyst position and leads cyber security compliance initiatives firmwide, including client and internal audits. Provides coaching and guidance to other security team members and others in regard to firm compliance programs and audits.
About The Role:
- Approves risk decisions and exceptions to firm policy in coordination with the Director-Information Security.
- Supervises the Cyber Security Compliance Analyst position, supporting completion of information security risk assessments, daily/weekly/monthly/quarterly auditing of information security processes, creation of metrics, and ongoing vulnerability management.
- Oversees and participates in the completion and hosting of both firm and internal ISO 27001 security audits.
- Oversees the completion of client cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs).
- Supports IS security within the system development lifecycle including production acceptance, change management, user administration, security logging, secure process flow, and security best practices.
- Manages the firm’s application security review process, ensuring new services are properly vetted.
- Monitors on-going security incident response procedures to ensure proper identification and prioritization of incidents.
- Leads information security projects that apply security protections to enterprise systems, processes and information resources.
- Assists with proactively supporting client service and ensures that staff members are providing quality service to internal members of the Firm as well as external clients and vendors by displaying professionalism via electronic and print correspondence, over the telephone and in-person and by encouraging an atmosphere that rewards a "can do" attitude.
- Assumes additional responsibilities as assigned.
- Hands on experience with the installation and support of computing platforms and applications, including selection, design and support of cyber security tools.
- Strong experience with one or more major cyber security compliance frameworks (NIST; ISO 27001; etc)
- Knowledge of security issues, techniques, and implications across all existing computer platforms required.
- Knowledge in networking, databases and systems operations is required.
- Strong work ethic; excellent use of discretion and judgment. Excellent written and verbal communication skills.
- Strategic thinking and planning abilities required.
- Analytical thinking
- Able to breakdown raw information and undefined problems into specific, workable components that in-turn clearly identify the issues at hand.
- Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision making process.
- Effectively meet challenges, influence and drive consensus within the team.
- Proven interpersonal and communication skills.
- Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.
Education:
- Bachelor's Degree required, preferred in Cyber Security, Computer Science or related technical field.
- Security Certification (CISSP, CRISC, etc) or equivalent strongly preferred.
- Experience:
- 5 years or more work experience supporting information security in a large and complex environment; or other equivalent combination of education and experience that provides the required knowledge and skills.
- Supervisory experience within a cyber security organization.