Overview
Seeking an opportunity to build amazing client relationships and solve mission critical, strategic problems? We are ROCIMG, a consulting firm serving the federal government and commercial clients with a focus on strategy, transformation, program management, technology and cybersecurity. We are a rising company with rich client experiences and great references. We develop enduring partnerships with our clients to resolve complex, mission-critical challenges, and help them to accomplish their strategic and operational goals. We have a vision for becoming our customers preferred adviser and provider of digital transformation, business, technology and cybersecurity services. As we continue to grow our business, we are looking for a Lead Cybersecurity Consultant to join our delivery team.
As the Lead Cybersecurity Consultant on our team, you'll use your experience to work with diverse organizations to discover their cyber risks, understand applicable policies, and formulate mitigation plans. You'll develop practice guides, and review technical, environmental, and personnel details from organizations to assess the entire threat landscape. Then, you'll guide your client through a plan of action with presentations, white papers, and milestones. You'll work with your client to translate security concepts, so they can make the best decisions to secure their environment. This is your opportunity to act as an information security subject matter expert while broadening your skills in various emerging concepts and technologies. Join us as we help advance our client's security posture.
Responsibilities
- Review existing documentation of IT controls, business processes, policies, procedures, and management reports for effectiveness and sustainability
- Review, document, evaluate, and test manual and automated computer controls
- Conduct risk assessments on business and operational processes, procedures, and policies
- Interpret assessment results and make conclusions on the adequacy and reliability of controls; develop recommendations to remediate gaps; prepare and present reports as necessary
- Advise clients on cybersecurity matters and how to address and mitigate risks
- Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management
- Prioritize control projects based on severity of risk and non-compliance
- Lead and support governance, risk and compliance related projects, e.g., policy development
- Support marketing, sales, business development and proposal activities
- Support recruiting, mentoring, team building and other internal operations tasks to strengthen and grow the practice
Formal Education & Certification
- Minimum Bachelor’s degree in Cybersecurity or technology related degree
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations preferred
Knowledge & Experience
- 5+ years of experience with security program assessments, risk assessments, compliance assessments, and mitigation planning
- Strong familiarity with cybersecurity governance and controls frameworks, such as NIST CSF, NIST 800-53, CMMC, and ISO 27000
- Familiarity with SOX compliance requirements
- Ability to carry out assessment interviews, documentation review, and perform analysis across diverse levels of key stakeholders
- Ability to develop policies, procedures, and other documentation
- Solid experience in testing, evaluating, and documenting controls for compliance
- Strong project management skills
- Expertise with flowcharting software tools (e.g., Visio)
- Hands-on experience building reports, tools and presentations with Microsoft Word, Excel, and PowerPoint
- Ability to develop strategy and materials to present to client stakeholders and leadership
- Can adapt to shifting priorities, demands, and timelines through analytical and problem solving capabilities
- Ability to manage and collaborate with multidisciplinary teams
- Reacts to project adjustments and alterations promptly and efficiently
- Adept at conducting research into project-related issues and products
- Ability to effectively prioritize and execute tasks in a high-pressure environment is crucial
- Excellent verbal, interview, and diplomacy skills
- Excellent written and oral communication skills
Preferred
- Experience with cybersecurity strategy development, policy development, control design, control implementation, control management, audit and compliance
- Knowledge of threat modeling, kill chain analysis, risk optimization principles
- Knowledge of system administration, network, and operating system hardening techniques
- Knowledge of system life cycle management principles, including software security and usability
- Project management experience
Location
- Gaithersburg, MD; Hybrid
- This is a consulting role and so on site work may be required in the DC-Baltimore Metropolitan region
Additional Requirements
- Education and certifications will be verified for this position
- This position requires successful completion of a background check and employment verification
- US citizenship is required for suitability investigation
Benefits
- Medical, Rx, Dental & Vision Insurance
- Company Paid Time Off and Paid Holidays
- 401(k) Retirement Plan
- Skills Development & Certifications
- Employee Referral Program
PIc1ad98dba95d-25826-35451992