Virtual CISO

Service Delivery Mettawa, Illinois


Description

DOT Security Logo

DOT Security’s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and provide subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.

DOT Security is seeking team members to fill the role of Virtual CISO. Individuals will have the opportunity to join based on their knowledge and skills demonstrated during the interview process including testing. DOT Security has developed a career progression path, that challenges our team to grow as cybersecurity professional consultant knowledge and providing excellent customer service as a member of the DOT Security – Services team.

As a Virtual CISO, you will act as a Cybersecurity Executive for DOT clients. 

The role of the Virtual CISO is challenging and rewarding. It requires a business acumen and effective communication skill set. The ability to communicate highly technical concepts to non-technical users is critical to client success. There is an opportunity to mentor Technical Account Managers, as needed.

The vCISO is not a remote position. The vCISO is required to be on-site at the DOT Security Operations Center.


Responsibilities

  • Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
  • Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
  • Advise cybersecurity requirements to be integrated into the continuity planning for that system and/or organization(s).
  • Facilitate overall enterprise information security architecture (EISA) with the organization’s overall security strategy.
  • Evaluate cost/benefit, economic, and risk analysis in decision-making process.
  • Identify alternative information security strategies to address organizational security objective.
  • Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
  • Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
  • Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  • Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Perform penetration testing as required for new or updated applications.
  • Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.
  • Monitor target networks to provide indications and warning of target communications changes or processing failures.

Things We Are Looking For

Knowledge
  • Expert understanding of all Technical Account Manager requirements
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Applicable business processes and operations of customer organizations.
  • Resource management principles and techniques.
  • Supply chain risk management practices (NIST SP 800-161)
  • Critical information technology (it) procurement requirements.
  • Information Technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • Encryption algorithms
  • Risk Management Framework (RMF) requirements.
  • Applicable laws and/or Administrative/Criminal Legal Guidelines and Procedures.
  • Critical infrastructure systems with information communication technology that were designed without system security considerations.
Skills
  • Creating policies that reflect system security objectives.
  • Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Evaluating the trustworthiness of the supplier and/or product.
Abilities
  • Apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • Integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • Identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Other Desire Attributes
  • Certifications include, but not limited to specialized Sec+, CGIH, CISSP, CISM, or other comparable certifications.
  • Public Trust background check (Limited Requirement).
  • Must be able to do some light lifting.
  • College degrees may be a substitute for up to two years’ experience for Bachelor’s degrees. 4 Years for master’s degrees.

Benefits

  • 20 days of PTO
  • 12+ paid holidays
  • Flexible Sick Day Policy
  • Paid Maternity & Paternity Leave
  • Comprehensive Health, Disability Life, Dental and Vision Plans
  • 401(K) match & retirement plans
  • Student Loan reimbursement
  • On-going training & development opportunities 

#LI-Onsite