Director of Security Compliance - Industrial Cybersecurity Consulting - & Co. (Multiple Locations)
Company: Burns & McDonnell
Location: Orlando
Posted on: May 4, 2024
Job Description:
1898 & Co. is looking for its next leader within the Security &
Risk Consulting group focused on helping our clients secure their
operational technology and assets. The Director of Security
Compliance within the Industrial Cybersecurity Consulting group
will lead the group of Governance and Compliance Consultants that
provide consulting service offerings from 1898 & Co.'s Security &
Risk Consulting group, reporting to the Security & Risk, Consulting
Business Line Leader.
1898 & Co. is a global business, technology and security
consultancy serving critical infrastructure industries. We partner
with clients to plan, secure, and optimize their business. As part
of Burns & McDonnell and our 120 years of industry experience, we
understand the complexity of the asset-intensive business model,
the trends impacting the industry, and the need to ground big ideas
in operational realities.
We have a group specifically focused on industrial cybersecurity.
When it comes to industrial cybersecurity, critical infrastructure
industries face unprecedented challenges. The risk of cyber
sabotage is on the rise. And evolving technologies create
complexities that are increasingly difficult to manage. Our team is
among the small pool of professionals who can operate at the
intersection of critical infrastructure and cybersecurity.
We're looking for someone ready to take the lead of the Security
Compliance team with an entrepreneurial spirit and to implement our
core values into their work. 1898 & Co. has the feel of a start-up,
with the support of Burns & McDonnell's vast resources. It's what
makes us unselfish collaborators. We proactively walk the talk to
create bigger opportunities through sharing, communicating, and
candidness. We are energy-givers who maintain a broader view of
success, prioritizing others' needs and goals in addition to our
own.
1898 & Co.'s Business Lines facilitate a strategic approach to
selling services, developing staff, and maintaining client
relationships. The Director of Security Compliance's primary
responsibility is to help lead the Security Compliance Delivery
team to meet the near-term goals and long-term vision for the
Business Line that supports the growth of 1898 & Co. The Director
of Security Compliance displays grit in their leadership role and
the work they deliver. They are confident and willing to take it to
the next level.
The Director of Security Compliance will be required to lead a team
of Governance and Compliance consultants that work with numerous
entities within a variety of industries, including energy,
utilities, manufacturing, and government.
What You'll Do:
As a Director of Security Compliance, you will be responsible for
and manage the Security Compliance group within the Business Line
of Industrial Cybersecurity Consulting service offerings. You'll
work with the Consulting Business Line Leader to support overall
business planning, while being responsible for the Security
Compliance group's Profit and Loss. You'll lead the group of
Security Compliance Consultants responsible for project execution,
and team leadership. Key responsibilities will include:
Support the Consulting Business Line to help create, develop,
manage, and communicate the strategic direction of the Consulting
Business Line. In collaboration with the Business Line Leader,
you'll help set financial targets for the Security Compliance team,
such as sales, revenue, profitability, and chargeability, as well
as budgets for overhead expenses, such as marketing trips,
conferences, software, certifications, etc. You'll help prepare and
manage a business plan for the strategic growth of the Consulting
Business Line, including expansion of current and new service
offerings, marketing activities, client retention and acquisition,
and staff growth plan.
Support a team of Governance and Compliance consultants to
facilitate timely, quality, and profitable execution of projects
within the Business Line and serve as quality control leader for
deliverables. You're accountable for key financial performance
metrics within the Business Line and the execution of projects.
Serve as an Offering Leader on all aspects of project execution,
including scope, schedule, and budget, and ensure quality control
of deliverables. You'll analyze and communicate project status,
risks, schedule, and costs to all internal and external
stakeholders. You'll lead multi-discipline teams of engineers and
analysts. Your communication and planning skills are vital to
keeping everyone on the same page with personnel needs to
department management.
Mentor, train, and support the career development of Security
Compliance consultants within the business line.
Specific responsibilities include:
Overall management of Security Compliance Consulting Team
Develop and lead a global Security Compliance Strategy supporting
the successful delivery of security outcomes across Security Risk &
Consulting Delivery.
Serve as the Business Owner of Security Compliance processes, tools
and governance, including documentation of all processes (sales
engagement and delivery), the training of Governance and Compliance
team and assessment of new processes and tools when required.
Create a repository for all delivery documentation; keeping the
repository updated
Align Security Compliance team with 1898 CX Principals
Review utilization and assignment of projects, ensuring proper
utilization for team members
Monitor and proactively address project risks
Manage Governance and Compliance projects for industrial control
systems (ICS), ensuring timely, on budget completion and adherence
to established methodologies and guidelines.
Advise on the pursuit and proposal process for client engagements,
contributing technical expertise to craft compelling proposals that
showcase value of our Security Compliance Offerings.
Lead the estimation and resource allocation process for Governance
and Compliance engagements, providing insights into project
requirements, complexities, and potential challenges, ensuring
efficient project planning and execution.
Achieve client-specific cybersecurity goals by identifying
compliance variances in our critical infrastructure clients and
recommending appropriate remediation measures.
Develop comprehensive Governance and Compliance reports that
clearly outline findings, risks, and recommendations for improving
the security posture of industrial control systems.
Advise clients on best practices for securing their industrial
networks and control systems, including network segmentation,
authentication, and encryption.
Assign tasks and responsibilities to junior Governance and
Compliance Consultants, providing guidance and mentorship to
develop their skills and expertise in ICS security.
Decide on the scope and objectives of Governance and Compliance
work, based on client requirements and industry-specific
regulations and standards.
Oversee the continuous improvement of internal processes and
procedures, promoting a culture of excellence and innovation within
the Security Compliance Team.
Approve and review Governance and Compliance methodologies and
tools, ensuring their suitability for assessing the security
posture of various ICS architectures and technologies.
Think "outside the box" to develop specialized techniques to
gather, evaluate and present compliance information to clients that
goes beyond the typical "check box" exercises of compliance.
Initiate client communication, establishing a collaborative
relationship and maintaining transparency throughout the delivery
process.
Perform and manage performance of compliance maturity reviews based
on existing frameworks, including, but not limited to: NERC CIP,
TSA, CMMC, AWIA, ISO27001, NIST CSF, NIST 800-171, and formulate a
program to close the gaps.
Delegate responsibilities to team members, ensuring a balanced
workload and optimal use of resources during engagements.
Determine training needs for the team and participate in
developing ICS cybersecurity training materials and programs, by
level, by role and by specific consultant.
Supervise the assessment of emerging cybersecurity governance and
compliance standards specific to our critical infrastructure
clients,
incorporating this knowledge into methodologies, strategies,
offerings and training of consultants testing.
Monitor and ensure CSAT responses on Security Compliance Projects
and ensure all engagements are at or above satisfactory for all
projects
Enforce strict adherence to legal and ethical guidelines during
Security Compliance engagements, ensuring that all activities
comply with applicable laws, regulations, and industry
standards.
Collaborate with other cybersecurity professionals, staying current
on industry trends and advancements in ICS security, and
contributing to the broader knowledge base of the organization.
Conduct quarterly reviews and provide feedback to Security
Compliance team members on progress
Develop and maintain relationships with internal clients (Offering
Leaders) to ensure escalation paths are clearly defined
Develop, manage, and update all Security Compliance sales
documentation - required for sales, internal training, internal
reference, website content, etc.
Other duties as assigned
Qualifications
Bachelor's degree in Computer Science, Cybersecurity, Electrical
Engineering, or a related field from an accredited program is
required.
Applicable years of experience may be substituted for the degree
requirement.
Minimum 13 years of professional experience required. 10 years of
experience in cybersecurity, with at least 5 years specifically in
Governance, Risk and Compliance is preferred.
5 years Consulting Management experience is preferred
Industry-recognized certifications to be considered, such as:
CRISC; CISM (CISSP); Cobit; SABSA Foundation; ISO27001 (ISMS);
IEC52443; ITIL / ISO20000; Compliance Officer (IT, ICS); BCM
(ISO22301); Agile Foundation
Proven leadership experience.
Excellent analytical, problem-solving, and communication
skills.
Ability to work independently and collaboratively within a team
environment.
Strong attention to detail, facilitation, team building, and
collaboration skills
EEO/Minorities/Females/Disabled/Veterans
Job Consulting
Primary Location US-MO-Kansas City
Other Locations US-VA-Richmond, US-AZ-Phoenix, US-DC-Washington,
US-TX-Houston, US-FL-Orlando, US-MD-Baltimore, US-TX-Austin,
US-VA-Norfolk, US-GA-Atlanta, US-TX-Dallas, US-IL-Chicago,
US-SC-Greenville
Schedule: Full-time
Travel: Yes, 25 % of the Time
About 1898 & Co. 1898 & Co. is a business, technology and security
solutions consultancy where experience and foresight come together
to unlock lasting advancements. We innovate today to fuel our
clients' future growth, catalyzing insights that drive smarter
decisions, improve performance and maximize value. As part of Burns
& McDonnell, we draw on more than 120 years of deep and broad
experience in complex industries as we envision and enable the
future for our clients.
Burns & McDonnell is an Equal Opportunity Employer
Minorities/Females/Disabled/Veterans
Req ID: 241530
Job Hire Type Experienced