Virtual Chief Information Security Officer Consultant
Founded in 2015, The Crypsis Group specializes in data breach response, digital forensics, and risk management consulting services to a growing list of clients ranging from small enterprises to Fortune 50 corporations, as well as federal government agencies. Our experts combine deep security knowledge and proprietary technology to rapidly provide effective incident response, attack-readiness and remediation plans for organizations. With offices in McLean, New York, Chicago, Austin, and Los Angeles and significant year over year revenue growth, we are firmly entrenched and well positioned as a leading provider of incident response and risk management services.
Description of position: The vCISO is a senior/executive level consulting position. The vCISO will provide expert level guidance on all areas of cybersecurity and cyber risk management to Crypsis’ clients across a wide array of industries, geographies, and organizational structures. The vCISO will be the client’s advocate for cybersecurity risk management and will provide strategic and technical leadership in this area. This position requires onsite collaboration with client teams.
Responsibilities for the vCISO include:
- Assist Crypsis leadership in developing the proactive cybersecurity and risk management service offerings for clients.
- Assist clients in directing their information security strategy and align security programs with client business priorities.
- Create, enhance, review, and/or approve security policies, standards, controls, and processes as warranted by each client engagement.
- Identify appropriate tool-sets and services to be implemented to identify, detect, and respond to potential threats with corresponding communication and action plans.
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Evaluate, manage, and adjust security personnel and staffing levels to ensure proper knowledge of the ever-changing industry landscape to defend against future threats.
- Identify risks, create actionable plans to protect the business, and schedule periodic security audits.
- Forecast and develop budget, as required, for cyber related functions in collaboration with senior leadership.
- Cultivate and maintain relationships with key clientele to increase awareness of Crypsis’ capabilities and provide on-demand expertise for client needs.
- Advise senior leadership and board of directors on cybersecurity risk and advocate for managing risk.
- Provide hands-on, expert level consulting services to clients. Conduct and review security program risk assessments based on cybersecurity frameworks, regulations, and industry best practices.
- Amplify Crypsis’ presence and credibility in the marketplace through thought leadership, including via speaking engagements, articles, whitepapers, and media exposure.
- Help advance the capabilities of the firm, including by identifying new services, building partnerships, and/or ways to augment our current capabilities to better serve our clients.
Qualifications for the vCISO include:
- Demonstrated prior experience and success in designing and implementing an organization’s cybersecurity program, organizational structures, and capabilities.
- Experience as a senior-level team leader having established a security vision, strategy, and program, while anticipating future security and compliance challenges up to and including overseeing other seniors, mid-level analyst/consultant teams.
- Ability to travel as needed to meet business demands (on average 30%).
- Strong presentation, communication, and presence skills with verifiable industry experience in having held a CISO or vCISO role.
- Expert level of knowledge of applicable laws, compliance regulations, and industry standards as they relate to privacy, security, and compliance. Ability to provide discovery, triage, and remediation in addition to evaluation of threats.
- Technical proficiency in a wide range of cyber risk management services, including penetration testing, vulnerability assessments, and cybersecurity framework assessments, among others.
- Client services mindset and top-notch client management skills. Experience-based understanding of clients’ needs and desired outcomes in cybersecurity and risk management engagements.
- Public speaking experience, demonstrated writing ability, including technical reports, business communication, and thought leadership pieces.
- Operates with a hands-on approach to service delivery with a bias towards collaboration and teamwork.
- Must be results driven and strategic.
- Cybersecurity industry certifications such as CISSP and/or CISM are a plus.
- Bachelor’s Degree; an advanced degree such as MS, MBA or Juris Doctorate (JD) is a plus.