Job description

The Cyber Security and Tech Risk Consultant/ Senior Consultant/ Manager performs Cyber and IT Risk assessments, makes recommendations and implements steps to combat and identify cyber threats. S/he will conduct research and evaluate technical and all-source intelligence--with specific emphasis on network operations and cyber tactics, techniques, and procedures--focusing on the threat to networked weapons platforms and information networks.

The Analyst will correlate threat data from various sources and analyze network events to establish the identity and modus operandi of malicious users active in networks or posing potential threats to networks. S/he will work closely with other technical, forensic and incident management personnel to develop a fuller understanding of the intent, objectives and activity of cyber threat actors. Overall, s/he will work with our clients to help enhance their IT risk strategy, optimize risk management functions and improve controls and processes.

 

Business Communication

• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
• Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need.
• Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
• Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research and analysis of classified and open source information.
• Produces high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders.
• Provides briefings and presentations to customer leadership supporting Information Security and Network Operations decision making.

General Profile:

• Requires specialized depth and/or breadth of IT Risk expertise.
• Interprets internal or external business issues and recommends best practices.
• Collaborates with others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions.
• Works independently, with guidance in only the most complex situations.

Technical Expertise:

• Understand and utilize physical components, types of networks/operating systems/databases, protocols, and topologies.
• Must be well versed in the techniques that actors utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse.
• Knowledge of collection and analysis methods as well as knowledge in multiple tools (e.g. Penetration Testing), mostly targeted to data correlation and technical areas.

Functional Knowledge:

• Interprets IT Risk business challenges, identifies trends and recommends best practices.

Business Knowledge:

• Able to articulate complex Cyber Threats to non-technical business leaders.
• Excellent verbal and written communication skills.
• Ability to train IT security concepts.
• Strong problem solving and analytical skills.

Leadership, Decision Making and Communication Requirements:

• Works independently and with minimal direction to identify emerging threats to network environments.
• Ability to react to high pressure dynamic changing environments.
• Team oriented, with the ability to work with diverse personnel within the intelligence capability.
• Makes decisions that have cross-functional impact.
• Understand how to turn requirements for intelligence into collection requirements, collect, prioritize, and store information from multiple intelligence disciplines.
• Communicates complex ideas; persuades and negotiates with others, often at senior levels, to adopt a different point of view.
• Have the ability to explain and defend the assessments and recommendations that are made.

Problem Solving:

• Collaborates with others to solve complex problems; uses sophisticated analytical thought and education and/or equivalent experience to exercise judgment and identify innovative solutions.
• Critical thinking: Demonstrates the ability to define the problem, apply root cause analysis on Cyber Security controls and propose recommended courses of action.