Virtual CISO

Description

DOT Security leverages expert personnel, efficient processes, & effective technology to improve client cybersecurity through outstanding detection, response, risk management, & compliance services. DOT continuously improves internal processes & technology to enhance provided services & yield increased client resilience against cyberattacks.

DOT is seeking to fill the role of Virtual Chief Information Security Officer (vCISO). A Virtual Chief Information Security Officer (vCISO) acts as the client liaison for Managed Security services. The vCISO coordinates with the SOC team, client executive leadership, & client IT support to ensure excellent services are delivered.

The vCISO is not a remote position. The vCISO is required to be on-site at the DOT Security- Security Operations Center.

Responsibilities

• Advise clients on cyber risk & appropriate security training for intended audiences
• Align client cybersecurity strategy with information technology (IT) & business goals
• Analyze & provide feedback on cybersecurity policies, procedures, & plans
• Assess the effectiveness of client cybersecurity measures & controls
• Compile & maintain Risk Registers with comments & next-touch dates to drive progress
• Develop and deliver reports to inform client decision makers about cyber risk
• Establish & maintain communication channels with client IT & executive stakeholders
• Monitor & report client-level telemetry status, coverage, & performance
• Share meaningful insights about client risks to improve risk comprehension
• Track client maturity against CIS Control groups over time
• Act with a sense of urgency, identify alternatives, & set realistic timeframes for resolution
• Complete work based on priority, follow through as promised, & set expectations
• Contribute to & perform both new & pre-existing plans, instructions, & procedures
• Demonstrate active listening & critical thinking skills & comprehend received information
• Interpret & understand complex & evolving concepts in a dynamic, fast-paced environment
• Maintain awareness of technology advancements & their cybersecurity implications
• Understand & present technical concepts to non-technical audiences
• Provide exceptional customer service & remain calm under pressure
• Resolve problems in early stages & ticket labor, notes, & details in a ticketing system
  
  

Things We Are Looking For

Knowledge/Skills/Abilities

• Client relationship management (listening, setting expectations, delivering results)
• Feedback interpretation for process, product, & service improvement
• Policy, process, & procedure writing & review concepts
• Project Management principles & techniques
• Risk assessment methodologies & management processes (scoring, mitigation)
• Supply chain risk management standards, processes, & practices
• Ability to work independently & as part of a team
• Adaptability to situations in which data is incomplete or where no precedent exists
• Assets (applications/data/devices/networks/users) & related cybersecurity concepts (monitoring/hardening)
• Communicate & collaborate in a clear, professional, & concise manner using technology, tools, & workspaces
• Critical thinking, customer service skills, & passion for cybersecurity
• Documenting & communicating complex technical concepts, incidents, problems, & events
• Preparation & delivery of reports, plans, & briefings using presentation technology
• System administration and cybersecurity theories, concepts, & methods
• System resiliency, redundancy, data backup, recovery, business continuity, & disaster recovery concepts
• Ethical hacking principles & the ability to work ethically & with integrity
  
  

Other Desired Attributes

• Public Trust background check (Limited Requirement)
• Relevant work experience in managed services industry
• Cyber community participation (conferences/groups/tool authoring/CTFs)
• Familiarity with at least one scripting language (Perl/Python/PowerShell)
• Understanding of CIS Controls, NIST CSF, MITRE ATT&CK, and OWASP
• Relevant college degrees
• Certifications including CISSP, CISM
  
  

Benefits

• 20 days of PTO
• 12+ paid holidays
• Flexible Sick Day Policy
• Paid Parental Leave
• Comprehensive Health, Disability Life, Dental and Vision Plans
• 401(K) discretionary match & retirement plans
• Continued education reimbursement
• On-going training and development opportunities