Prosyntix is currently recruiting for one of their Cyber Security industry clients in the NY/NJ area:
Risk Management Services (RMS) Regional Lead Engineer NY/NJ
We are looking for a skilled security professional who can help our clients build security programs based on proven standards, identify gaps in their existing programs, provide recommendations for remediation, and help the client meet their specific compliance requirements.
The ideal candidate must be knowledgeable and customer-oriented, with strong critical thinking and problem-solving skills, as well as the ability to communicate to various levels within a business.
- Provide presales support for the regional sales team to align client requirements with potential solutions that include both AITG-provided service offerings and technologies.
To provide these solutions, the RMS Regional Lead Engineer must be able to:
- Identify client needs and business drivers.
- Gather relevant client input, information and documentation required for each opportunity.
- Analyze gathered data to form conclusions and recommendations.
- Provide recommendations for services and solutions to meet client needs.
- Secure, design and take lead on complex client projects.
- Balance team collaboration with independent responsibilities.
- Demonstrate the ability to extend boundaries of service delivery for creative solutions.
- Demonstrate the ability to work as an acknowledged member of the cybersecurity industry.
- Apply expertise across multiple verticals and disciplines.
- Require limited supervision to develop and present a statement of work and work breakdown structure successfully to expected quality standards.
- Execute engagement delivery and support as part of a larger team as well as independently deliver consulting engagements at the highest level.
As a part of the practice the RMS Regional Lead Engineer acts as a subject matter expert to deliver a variety of Risk Management Engagements. Perform IT and information security risk and compliance assessments, including at least three of the following:
- Internal and external vulnerability assessments, external penetration testing, application vulnerability assessment, physical security audits and social engineering exercises, PCI audits and scans, NIST-800, GDPR, and HIPAA assessments, audits, gap analyses, and remediation
- Develop methods to monitor and measure actual risk, compliance, and assurance efforts
- Actively lead projects in the noted domains
- Communicate with project stakeholders to effectively convey requirements of technical and program level solutions
- Create customized technical documentation for applications, systems and infrastructure assessments
- Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the client's cybersecurity program
- Develop specifications to ensure risk, compliance, and assurance efforts conform to business and security requirements at the software application, system, and network environment levels
- Perform basic lead duties to mentor and coach junior staff
- Work across boundaries to build relationships and share information, plans and resources
- Provide thought leadership and direction to the project team
- Translate business needs into actionable next steps
- Review the results of the analysis with team members and client personnel
- Develop strategies to present the information in a clear and concise manner
- Possess sufficient information security knowledge and experience to conduct technically complex security assessments
- Understanding of compliance requirements, regulatory, privacy, international laws and statutory requirements
- Hands-on experience with risk frameworks, enterprise risk methodologies, IT Security risk methodologies and control design and security design/architecture
- Experience with security architecture, infrastructure, networking and systems design
- Knowledge of and hands-on experience with Vulnerability Assessment and Penetration Testing tools and methodologies, PCI audits and PCI attestations, NIST 800-53, and ISO 27001
- Possesses at least one accredited, industry-recognized professional certification, such as: (ISC)² Certified Information System Security Professional (CISSP), ISACA Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), or Certified ISO 27001, Lead Auditor, Internal Auditor.
- 4+ years of experience in a security, risk management or compliance management role as a consultant or in a corporate environment
- A minimum of one year of experience in each of the following information security disciplines:
- Application security
- Information systems security
- A minimum of one year of experience in each of the following audit/assessment disciplines:
- IT security auditing
- Information security risk assessment or risk management.
Values and Attributes:
- Exceptional customer service skills
- Demonstrated ability to present complex, sensitive or contentious information to large groups of technicians, specialists and senior managers
- Ability to prepare written reports and deliver oral presentations to clients regarding conclusions and cost-effective recommended solutions based on specialized professional expertise
- Project planning and implementation skills
- Ability to work through difficult and dynamic situations successfully
- Self-motivation and professionalism
- Ability to work independently with minimal management supervision, as well as part of a team
- Superior problem-solving and critical thinking skills
- Ability to adapt quickly to changing circumstances, direction, and strategy.