IT Risk Compliance Director
The IT Risk Compliance Director shall provide on-demand cybersecurity staff augmentation services to support the Department in proactively identifying, analyzing, and mitigating cybersecurity risks across its enterprise environment. The IT Risk Compliance Director services shall include, but are not limited to:
- Conduct comprehensive vulnerability assessments using industry-standard tools and methodologies;
- Perform penetration testing using a structured approach progressing from passive to active techniques;
- Identify and analyze Indicators of Compromise (IOCs), unauthorized access attempts, and data exfiltration risks;
- Manage misconfigurations and insecure network services;
- Apply and interpret Common Vulnerability Scoring System (CVSS) for risk prioritization;
- Conduct threat hunting activities to detect active or persistent threats within enterprise environments; and
- Provide incident response support, including containment, eradication, and recovery recommendations.
Requirements/Qualifications
A bachelor’s or master’s degree from an accredited college or university in Computer Science, Information Systems, or other related field, or four (4) years of equivalent work experience is required. Relevant experience may be substituted for education on a year-for-year basis when applicable.
The Department requires the following experience, skills, and knowledge for this position:
- Demonstrated experience providing cybersecurity services for large, complex enterprise environments, preferably within government or criminal justice agencies;
- Proven track record delivering threat hunting, vulnerability assessments, penetration testing (internal and external), and incident response services;
- Experience supporting environments subject to Criminal Justice Information Services (CJIS) Security Policy requirements;
- Ability to provide advisory services, including cybersecurity strategy, governance, risk, and compliance (GRC), and remediation planning;
- Minimum five (5) or more years of hands-on cybersecurity experience in one or more of the following: threat hunting and threat intelligence, penetration testing and ethical hacking, vulnerability management, and incident response and digital forensics; and
- Demonstrated experience operating in both offensive security roles (e.g., red team, penetration testing) and defensive security roles (e.g., Security Operations Center [SOC], blue team, and incident response).
NOTE: In addition to the above list, the selected Candidate must successfully complete a Level II Background Check.
Preferred Qualifications
The Department prefers the Candidate to have the following experience, skills, and/or knowledge for this position:
- Experience conducting red team and adversarial simulation exercises;
- Ability to support cybersecurity roadmap development and maturity assessments;
- Relevant industry certifications are preferred, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA); and
- Experience integrating with client Managed Service Providers (MSPs) and internal IT teams.
ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

