Job Description
Job Summary:
The Security Control Assessor / Cybersecurity Manager is responsible for performance of cybersecurity framework assessments to determine compliance with Government-mandated contractual cybersecurity regulatory certification. This includes: Cybersecurity Maturity Model Certification (CMMC) for Maturity Levels 1, 3, and 5, NIST SP 800-171, NIST SP 800-172, NIST SP 800-53 (RMF), ISO 27001, CIS, the NST Cybersecurity Framework, and many others. This role also serves as customer-facing CISO, providing continuous management of customer cyber policies, technical solution implementation, certification process guidance, and incident responder.
Job Duties:
• Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties, and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed
• Knowledge of current and emerging cyber technologies
• Evaluates a system's compliance with information technology (IT) security, resilience, and dependability requirements
• Knowledge of computer networking concepts and protocols, and network security methodologies
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
• Assesses the effectiveness of NIST 800-171/CMMC security controls
• Designs/integrates a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
• Drafts, staffs, and publishes cyber policy
• Develops methods to monitor and measure risk, compliance, and assurance efforts
• Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
• Drafts statements of preliminary or residual security risks for system operation.
• Maintains information systems assurance and accreditation materials
• Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan
• Performs security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
• Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
• Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks
• Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations
• Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber activities
• Monitors the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services
• Provides policy guidance to cyber management, staff, and users
• Reviews, conducts, or participates in audits of cyber programs and projects
• Supports the CIO in the formulation of cyber-related policies
• Interprets and applies applicable laws, statutes, and regulatory documents and integrate into policy
• Promotes awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
• Knowledge of emerging technologies that have potential for exploitation by adversaries
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity
• Knowledge of specific operational impacts of cybersecurity lapses
• Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
Supervisory Responsibilities:
• Serves as a member of the consulting group's management team
• Supervises, develops, and trains associates and senior associates
• Reviews and evaluates work prepared by associates and senior associates
• Trains associates and senior associates on how to use current software tools and Industry Specialty Services methodology
• Schedules and supervises workload of associates and senior associates
• Provides verbal and written performance feedback to associates and senior associates
• Acts as a Career Advisor to associates and senior associates
Qualifications, Knowledge, Skills and Abilities:
Education:
• Bachelor's degree in Cybersecurity, Information Assurance, Information Technology, Software Engineering, Information Systems, Computer Science, Computer Engineering or other relevant field, required
• Master's degree, preferred
Experience:
• 5 or more years of relevant experience including experience in Cybersecurity, information assurance, information technology, software engineering, information systems, computer science, computer engineering, required
• Prior experience in Risk Management Framework (RMF), Assessing NIST 800-171 or other cybersecurity Framework, preferred
• Prior experience in cyber architecture or systems/network administration or serving an IT role, preferred
License/Certifications:
• One (1) or more certifications, required:
• Security +
• CISSP
• CISM
• CEH
• CHFI
• CySA+
• CCNA Security
• CAP
• CNDA
• CMMC Registered Practitioner
• CMMC Certified Assessor
Software:
• Proficient in Windows 10, Windows Server, Active Directory, Email platforms such as MS Exchange, preferred
• Cloud Platforms a plus (AWS, Microsoft Azure, Microsoft Office 365 GCC High), preferred
Hardware:
• Familiar with Firewalls, VPNs, IPS/IDS, Wifi, routers, network equipment, and general security concepts and secure configuration of network equipment, required
• Good knowledge of Network Security design and principles, required
Language:
• N/A
Other Knowledge, Skills & Abilities:
• Excellent oral and written communication skills, specifically business / report writing
• Strong analytical and basic research skills
• Solid organizational skills especially ability to meet project deadlines with a focus on details
• Ability to successfully multi-task while working independently or within a group environment
• Proven ability to work in a deadline-driven environment and handle multiple projects simultaneously
• Demonstrated command of Cybersecurity Assessment Frameworks (CMMC, NIST 800-171, NIST 800-53, ISO 27001, NIST CSF, CIS)
• Ability to follow and apply specific rules and regulations
• Ability to work with minimal supervision
• US citizenship required
Individual salaries that are offered to a candidate are determined after consideration of numerous factors including but not limited to the candidate's qualifications, experience, skills, and geography.
National Range: $130,000 - $150,000
NYC/Long Island/Westchester Range: $130,000 - $150,000
Maryland Range: $130,000 - $150,000
About Us
Join us at BDO, where you will find more than a career, you'll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world.
At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.
BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm's success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm's success, with no employee contributions.
We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:
• Welcoming diverse perspectives and understanding the experience of our professionals and clients
• Empowering team members to explore their full potential
• Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
• Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
• Focus on resilience and sustainability to positively impact our people, clients, and communities
• BDO Total Rewards that encompass so much more than traditional "benefits." Click here to find out more!
• Benefits may be subject to eligibility requirements.
Equal Opportunity Employer, including disability/vets
Click here to find out more!
