Virtual CISO

Service Delivery Mettawa, Illinois


Description

DOT Security leverages expert personnel, efficient processes, & effective technology to improve client cybersecurity through outstanding detection, response, risk management, & compliance services. DOT continuously improves internal processes & technology to enhance provided services & yield increased client resilience against cyberattacks.

DOT is seeking to fill the role of Virtual Chief Information Security Officer (vCISO). The vCISO acts as the client liaison for Managed Security services, coordinating with the SOC team, client executive leadership, & client IT support to ensure excellent services are delivered.

The vCISO is not a remote position. The vCISO is required to be on-site at DOT Security's Security Operations Center.

Responsibilities

  • Advise clients on cyber risk & appropriate security training for intended audiences
  • Align client cybersecurity strategy with information technology (IT) & business goals
  • Analyze & provide feedback on cybersecurity policies, procedures, & plans
  • Assess the effectiveness of client cybersecurity measures & controls
  • Compile & maintain Risk Registers with comments & next-touch dates to drive progress
  • Develop and deliver reports to inform client decision makers about cyber risk
  • Establish & maintain communication channels with client IT & executive stakeholders
  • Monitor & report client-level telemetry status, coverage, & performance
  • Share meaningful insights about client risks to improve risk comprehension
  • Track client maturity against CIS Control groups over time
  • Act with a sense of urgency, identify alternatives, & set realistic timeframes for resolution
  • Complete work based on priority, follow through as promised, & set expectations
  • Contribute to & perform both new & pre-existing plans, instructions, & procedures
  • Demonstrate active listening & critical thinking skills & comprehend received information
  • Interpret & understand complex & evolving concepts in a dynamic, fast-paced environment
  • Maintain awareness of technology advancements & their cybersecurity implications
  • Understand & present technical concepts to non-technical audiences
  • Provide exceptional customer service & remain calm under pressure
  • Resolve problems in early stages & ticket labor, notes, & details in a ticketing system

Things We Are Looking For

Knowledge/Skills/Abilities

  • Client relationship management (listening, setting expectations, delivering results)
  • Feedback interpretation for process, product, & service improvement
  • Policy, process, & procedure writing & review concepts
  • Project Management principles & techniques
  • Risk assessment methodologies & management processes (scoring, mitigation)
  • Supply chain risk management standards, processes, & practices
  • Ability to work independently & as part of a team
  • Adaptability to situations in which data is incomplete or where no precedent exists
  • Assets (applications/data/devices/networks/users) & related cybersecurity concepts (monitoring/hardening)
  • Communicate & collaborate in a clear, professional, & concise manner using technology, tools, & workspaces
  • Critical thinking, customer service skills, & passion for cybersecurity
  • Documenting & communicating complex technical concepts, incidents, problems, & events
  • Preparation & delivery of reports, plans, & briefings using presentation technology
  • System administration and cybersecurity theories, concepts, & methods
  • System resiliency, redundancy, data backup, recovery, business continuity, & disaster recovery concepts
  • Ethical hacking principles & the ability to work ethically & with integrity

Other Desired Attributes

  • Public Trust background check (Limited Requirement)
  • Relevant work experience in managed services industry
  • Cyber community participation (conferences/groups/tool authoring/CTFs)
  • Familiarity with at least one scripting language (Perl/Python/PowerShell)
  • Understanding of CIS Controls, NIST CSF, MITRE ATT&CK, and OWASP
  • Relevant college degrees
  • Certifications including CISSP, CISM

Benefits

  • 20 days of PTO
  • 12+ paid holidays
  • Flexible Sick Day Policy
  • Paid Parental Leave
  • Comprehensive Health, Disability, Life, Dental and Vision Plans
  • 401(K) discretionary match & retirement plans
  • Continued education reimbursement
  • Ongoing training and development opportunities