Senior Cyber Security Analyst/vCISO
Cyber Advisors Inc, (CAI) located in Maple Grove, MN, is looking for an experienced Senior Cyber Security Analyst/vCISO. CAI is a steadily growing IT managed services provider (MSP) business that specializes in a very high-quality, customer-focused approach to designing, managing, and maintaining our customer's IT environment. We have invested a tremendous amount of time to develop our technology, processes, and support platform. We are now adding to our team of outstanding individuals to help in our growth. Come grow with us!Apply
Cyber Advisors, Inc. has been the recipient of multiple Top Companies to Work For awards by both Twin Cities Magazine and Star Tribune. Come and join a team where we solve a wide array of technology tasks, build individual skill sets, and have a good time doing it! We are looking to add a Senior Cyber Security Analyst/vCISO to our team. Cyber Advisors provides employees opportunities for growth and learning while servicing a dynamic customer base. Our customers depend on us as their technology consultants and you will be expected to play a major role in our growth and success. You will also build your own skill set as you are exposed to many different types of applications, environments, and platforms.
The Senior Cyber Security Analyst/vCISO role is a senior-level consulting position within the Cyber Advisors Security Practice responsible for cyber security governance, risk, and compliance subject matter expertise, collaborating on numerous internal and client-facing security projects, and operational security initiatives. This position will support the development and operational activities of junior-level cyber analysts and engineers while growing the security team’s governance and operations skillset, processes, and playbooks. In this role you will create and evangelize a wide-ranging set of security services, technical, and operational capabilities for use in our Cyber Security Consulting Practice. As a consulting virtual Chief Information Security Officer, you are also a senior Security Practice leader, and will be able to use your breadth of business and technical knowledge, skills, and abilities to provide information security thought leadership and guidance to Cyber Advisors clients.
The Senior Cyber Security Analyst/vCISO has responsibility for continuously identifying gaps and managing the improvements in security governance processes, technologies, and operations for Cyber Advisors clients. You will work closely with internal architecture, engineering, and project management teams, to help scope client engagements, and help ensure proactive cyber-defense requirements are identified and communicated early in Cyber Advisors client environments. You will use your expertise to develop and execute on new or expanded service offerings to continuously improve your client’s cyber security.
Knowledge, Skills and Abilities:
- Proven ability to quickly gain an understanding of the client organization’s strategy and business environment
- Demonstrated ability to provide real-time threat analysis and strategy updates on an ad hoc basis, sometimes after hours
Proven ability to anticipate future client security and compliance challenges
- Confidence to oversee Cyber Advisors and/or client mid-level and analyst/engineering teams security initiatives
Proven capability and willingness to perform or assist in discovery, triage, remediation, and evaluation of threats
- Demonstrated ability to delicately recommend strategic personnel, software, and/or hardware acquisitions, and improvements
- Demonstrated knowledge of and ability to speak to the latest cloud security models, including GCP, AWS, and Azure platform
- Understanding and ability to speak to cloud infrastructure or development environments and cloud management initiatives including workload protection, anti-virus, server EDR, container and serverless security, memory and process, integrity/protection, micro-segmentation, vulnerability, hardening, and configuration compliance
- Quickly learn and understand the client business environment and match a management style that resonates with the customer
- Quickly build trusted relationships with key personnel, in order to foster a successful cybersecurity program
- Meet customer requirements with flexibility and good humor
- Reflect the highest possible ethical and moral standards of the virtual CISO program
- Utilize, create, and improve upon Cyber Advisors and open source cyber security artifacts to present a singular point of view for the Security Practice and Cyber Advisors, and for the benefit of our vCISO clients
- Initiate cybersecurity risk assessments based on client organization’s assets
- Establish the client organization’s cybersecurity strategy
Build client cybersecurity plans and programs, including policies, standards, and practices, from varying capability maturity level starting points
- Build client Governance, Risk, and Compliance (GRC) programs appropriate to their scope, scale, and maturity
- Assist with or lead third party assessment responses or requests of client partners, suppliers, and vendors
- Maintain core security operations, including utilization of NOC/SOC services, EDR, PAM, MDM, and other specialized internal, client, or third-party security operations
- Focus on people including indirect management of personnel, contractors, and/or vendors
- Build and execute training strategies
- Dedication to customer satisfaction and getting it right the first time.
- Demonstrate ability to explain complex technical concepts to a non-technical audience.
- Strong trouble-shooting skills across a broad and diverse population and environment.
- Demonstrate ability to proactively look for process improvement opportunities, challenge conventional practices, and adopt new methods and best practices. Also focused on continuous self-improvement.
- Demonstrate verbal and written communication skills; ability to communicate with all levels of the organization, clearly and concisely present issues, alternatives, and recommendation(s).
- Strong technical documentation skills, ability to clearly record key information within ticketing and knowledge base systems.
- Appreciation of internal customer business, goals and objectives, strategies, and needs.
- Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines.
- Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems.
- Develop and support incident response processes and practices to ensure timely assessment, triage, remediation, containment, mitigation, and documentation of Cyber Advisors and client incidents
- Review and analyze cyber threats and provide SME support and training to junior level security analysts and engineers
- Interact with and assist other Cyber Advisors teams within the NOC and MSP practice on time sensitive, critical investigations of Cyber Advisors clients
- Work with solution architects and sales staff to solve client problems and establish effective, productive business relationships
- Define baseline security monitoring requirements for all new projects, services, and applications used or recommended by Cyber Advisors
- Understand and be able to articulate the information security strategy and business environment of diverse clients
- Establish and maintain client enterprise security vision, strategy, and programs
- Management experience overseeing mid-level and analyst/engineering teams
- Confidence and business acumen working with C-suite executives, and other business disciplines such as finance, HR, legal, and compliance
- Demonstrate ability to communicate with all levels of an organization, clearly and concisely present issues, alternatives, and recommendations
- Demonstrate ability to explain complex technical concepts to a non-technical audience
- Demonstrate ability to proactively look for process improvement opportunities, challenge conventional practices, and adopt new methods and best practices while showing continuous self-improvement
- Demonstrate remarkably high verbal and written communication skills, including strong technical documentation skills, and the ability to clearly record key information
- Demonstrate ability to manage and prioritize multiple tasks, aggressive targets, and deadlines
- Demonstrate understanding of priorities and effective work procedures, self-manage work time and prioritize multiple tasks and problems
- Practical experience within three or more of the following domains:
- Security operations – evaluating the IT threat landscape, devising cyber security policies and controls to reduce risk, leading IT security audits and assessments, and leading compliance initiatives
- Disaster recovery and/or business continuity – developing cyber resiliency programs so that organizations can rapidly recover from hacking, security incidents, or infringements
- Security governance – developing information security programs and deciding whether information security initiatives are worth the financial investments
- Documentation and technical writing – creating or contributing to a variety of security policy domains associated with compliance, governance, risk management, incident management, and writing concise, elegant, informative technical reports
- Compliance – ensuring that an organization is adaptable to evolving government, industry, and regulatory compliance frameworks
- Program development and execution – weighing business information security strengths, weaknesses, opportunities, and threats against an organization’s short and long-term business goals
- Demonstrated experience in a senior or enterprise-level governance, risk, or compliance role
- Strong interpersonal and leadership skills to influence and build credibility
- Demonstrate a sense of urgency with the ability to perform well under significant pressure
- Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences including executives
- Strong familiarity with SP 800 series, CIS Benchmarks, COBIT, and similar controls standards
- Demonstrate understanding of NIST CSF, CMMC, ISO 27000, and other security frameworks
Education and Certifications:
The successful candidate will hold:
- 8+ years’ experience in security, network, or cyber security analysis or operations
- CISSP strongly preferred or at minimum a bachelor’s or master’s degree in Information Assurance, Information Technology, Computer Science, or Business, or a related technical discipline, or equivalent professional experience related to information assurance, security, cyber, or computer network defense
- Relevant security related certifications include one or more CCISO, CISA, CISM, CCSK, CCSP or similar
- Experience with DoD or LEO communities a plus
Working Conditions and Physical Effort:
- Being responsive to company/project emergencies and availability after-hours is part of this position. Some out-of-state travel might also be required.
- This position includes both on-site and remote work activities.
- Highly competitive pay based on experience and skills
- Great opportunities for career advancement
- Employer paid Health and Dental Insurance for CAI employee
- 401k with employer matching
- Disability and Life Insurance
- Bonuses eligible
- Vacation and PTO
If you are a hard-working, easy-going and experienced individual with a strong work ethic, we’d love to talk to you.
Must be able to pass a criminal background check and drug screen.
Cyber culture is like no other. First and foremost, we believe in taking care of our employees and their families. Whether we are blowing off steam on the company-owned boat club, gathering for a fun summer family picnic, or hosting sales –vs- engineering paintball war, we play just as hard as we work. We believe good things come to those who sweat.