Cybersecurity Consultant
At Wipfli, people count
Our people are core to everything we do - the catalyst behind our ability to create exceptional impact and extraordinary results.
We believe in flexibility. We focus on relationships. We encourage each individual to follow their own path. And we seek feedback openly, from all.
People matter here and they feel it.
And we value curiosity. Curious is more than a personality trait. It's a way of thinking. Of learning. Of working.
There's purpose in this wonder. It makes us better. It makes us Wipfli.
If you want to be in an environment where you can make a difference - and make a professional home - Wipfli is the place for you.
Check out our Glassdoor Reviews to hear what people are saying about employment at Wipfli!
- Ability to assist and execute security and risk consulting engagements including security assessments, business continuity planning, security governance, policy and program development, security implementation assistance, and vulnerability testing services for our clients.
- Ability to perform consulting engagements with our Clients using a proven methodology that includes identifying client needs, executing assessments, identifying gaps between standard protocols and client given state, and making and consulting on recommendations to mitigate risk and implement recommendations.
- Perform assessments, develop written reports and other deliverables, and present reports to clients.
- Manage scope, budget and timeframes for completion of engagements.
- Leads or participates on engagements that perform information and cyber security risk assessments and deliver reports with results, gaps, findings and recommendations, to include:
  - Cybersecurity Health Checks
  - FFIEC Cybersecurity Assessment Tool (CAT)
  - NCUA ACET Assessments
  - NIST Cybersecurity Framework (CSF)
  - NIST DFARS and 800-171 Assessments
  - CMMC, FFIEC, NCUA, and NIST CSF cybersecurity assessments
  - Microsoft Security components and technologies
- Assists clients with the implementation of their information security programs including development and consulting assistance with:
  - Information security program and policy documents
  - Program governance, roles and responsibilities, management oversight
  - Vendor and third party risk management program support and due diligence
  - Security awareness training
- Participate in delivering business continuity, disaster recovery, and incident response services for clients, including:
  - Perform client business impact analysis to identify critical business processes and priorities, identify business impacts of services not being available, identify acceptable recovery time periods (including recovery time and recovery point objectives) and establish resources required for successful resumption of business operations.
  - Facilitate processes to gather information from departments and management to define recovery requirements and document supporting information used to establish priorities.
  - Develop and maintain client business continuity, disaster recovery, and incident response plans. Document client business processes, recovery procedures, resources, contacts, vendors and personnel.
  - Assist in assessment of recovery capabilities for client technology. Document client recovery capabilities, analyze the risks and gaps in recovery capabilities, and draft assessment report.
  - Develop and facilitate business continuity and incident response tabletop exercises and technical exercises for clients. This will include creating presentations for exercises, defining exercise objectives, documenting exercise plans, facilitation of exercises, scribing results during exercises and creating assessment reports.
- Provide security analyst and consulting services to clients, including:
  - Project management and business analyst services
  - Assist with the development of requirements, and analysis of solutions for clients
  - Understand and provide product management and support for security assessment and management tools and technologies.
- Develop and maintain competence and thought leadership in information and cybersecurity
  - Participate in the Continuing Professional Education program, essential to competence and continued professional growth, including obtaining and maintaining appropriate certifications in their areas of expertise.
  - Stays abreast of current cyber security trends and threats to ensure that solutions provided to clients are applicable.
  - Assist in ongoing research and development, review and improvement of cybersecurity consulting services and deliverables.
  - Mentor other team members on subject matter expertise.
- Other duties as assigned to perform the responsibilities of the position and meet client expectations
- Remote position
- Bachelor's degree in Information Security, Information Technology or related discipline
- 2+ years related experience and/or training; or equivalent combination of education and experience in similar role
- Demonstrable hands-on experience with security risk management disciplines, including business continuity, IT risk management, cybersecurity assessments, security program governance, and security testing services
- General understanding of IT infrastructure and components, including application, systems and network (e.g., servers, desktops/laptops, Cloud and SaaS, physical and virtual servers, storage, backup/recovery solutions, etc.)
- Basic understanding of various risk management frameworks and concepts such as FFIEC, ACET, NIST CSF, NIST 800-53, NIST 800-171, DFARS, ITAR, etc.
- Demonstration of security and risk knowledge through attainment of industry security certifications desired, such as CBCP, CISSP, CRISC, CISM, CISA
- Ability to communicate and present to all levels of client personnel
- A high level of initiative, strong written and verbal communication skills and business acumen oriented around small to middle market companies
- Strong organizational skills in coordinating multiple projects/tasks simultaneously, and meeting deadlines
- Great attention to detail and problem-solving skills
- Prior experience as a consultant is desired
- Proficient in Word, Excel, Outlook, and Adobe
Wipfli is an equal opportunity/affirmative action employer. All candidates will receive consideration for employment without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability, or any other characteristics protected by federal, state, or local laws.
Alyanna (Ally) Graham, from our recruiting team, will be guiding you through this process. Visit her LinkedIn page to connect!