Do you have a passion for understanding what makes a cybersecurity operation tick?
Do you enjoy applying your evaluation and assessment skills to determine practical applications of the NIST Cybersecurity Framework?
Does a variety of cybersecurity operations and enterprise-level security protection interest you?
If so, then we invite you to join our fast-paced technology team in creating groundbreaking cybersecurity solutions for a company unlike any other in the country—working as a trusted partner in a private network of very large, security-sensitive companies creating leading edge and practical applied solutions across multiple industries.
We are seeking multi-talented cybersecurity experts with experience assessing and improving information security programs. This governance-focused, consulting-based role provides practical, actionable, and relevant findings and recommendations for a wide range of our customer organizations.
This position is remote. We are a distributed workforce located throughout the US.
Key Responsibilities and Accountabilities include:
- Rapid assessment of a variety of third-party policies, procedures, and practices using industry-standard frameworks from NIST, CIS, and ISO
- Extract detailed understanding of expected organization behavior from documentation of policies, procedures, and other technical data
- Participate in and conduct succinct interviews with personnel to develop well-supported and defensible conclusions about an organization’s security program
- Identify and retain awareness of assumptions made to bridge gaps in provided information and recognize how those assumptions modify conclusions
- Develop practical and actionable recommendations for cybersecurity organizational policy and technology recognizing constraints on budget, capability, and business need
- Verbal and written summarization of relevant information for effective communication to varied audiences (security specialists, risk managers, other technical, non-technical, management, executives)
- Proactive identification and tracking of developments in security policy and governance
- New and established information security standards
- Potential legal and regulatory considerations for cybersecurity and privacy
- Production of customer-facing reports and other written cybersecurity/risk products
- Recommendations for remediation of gaps affecting cybersecurity policy and governance posture
- Security policy and governance application in a practical manner to different classes of organizations, to ensure good outcomes
- Informal and formal risk assessment process participation to ensure alignment of decisions to the current environment
- Continuous quality improvement assurance within the assessment program
- Conformance to the highest ethical standards and established rules of engagement
- 4+ years of cybersecurity or related experience
- Experience in both technical and policy roles in a broad range of organizations and industries
- CISSP, CISA, CISM, or other similar certifications in good standing
- Past experience should include at least one operational role for medium-large production IT, incident response, or security operations
- Demonstrable practical understanding of the NIST Cybersecurity Framework (CSF), SEI Capability Maturity Model (CMM/CMMI), and other security and maturity standards and frameworks, including techniques to assess conformance to standards
- Demonstrable capability to synthesize disparate security frameworks as well as legal and regulatory security and privacy regulations and frameworks into workable assessment models
- Knowledge of NIST SP 800-53 Rev. 5, NIST CSF, CIS Controls, ISO 27001:2013, HIPAA, PCI-DSS, HITRUST CSF, CSA CMM/CAIQ, GDPR
- Demonstrable written and verbal communication skills ensuring clarity, accuracy, and appropriate degrees of brevity/depth for different audiences
- Demonstrable skill in continuous quality improvement
- Proven ability to:
- Work successfully both independently and within a team
- Identify and conceptualize opportunities to innovate
- Think critically
- Adhere to scope, while being creative enough to think outside the box
- Balance multiple priorities
- Evaluate risk, understand related consequences and make decisions in that framework
- Communicate with others effectively, orally and in writing, and have the ability to interact successfully with professionals, peers, and CISOs
- Successfully pass background and public records screening
- US Citizen
Covail is a rapid innovation company founded by leading companies in seven different industries that delivers business value through advanced analytics and cybersecurity solutions. We offer a competitive benefits package that includes comprehensive medical and dental care, matching 401K, paid time off, as well as other voluntary benefits. Covail is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. For more information, please visit www.covail.com.
To apply, please send a resume and cover letter to firstname.lastname@example.org.