vCISO (Managed Services Security Manager)
West Monroe isn’t a start-up firm, but we act like one. From day one, our people have the opportunity to make a definitive personal impact for their clients and their careers. What does this mean? It means we seek out the best of the best, and then we challenge them to make us better.
If you are looking to be a “behind the scenes” technologist, this isn’t the place for you. We celebrate driven professionals who thrive in a collaborative environment. Our Managed Services team executes our “run” offering on behalf of our clients. We are a team of enthusiasts always focused on improving our execution and our client’s performance. Sound interesting? Then West Monroe Partners just might be the place for you.
Think you’re up for the challenge?
West Monroe Partners is currently seeking a Security Manager (vCISO) to oversee, advise, implement, and integrate West Monroe Partners managed security services at our Clients. The role is customer facing, and successful candidates should be, an excellent presenter with technical and non-technical audiences, ability to convey complex information and security concepts with ability to improve client’s security position, ability to influence and help Clients with strategy and problem solving.
Demonstrate an understanding of security technology and ability to apply commonly known security practices and possess a working knowledge of applicable industry controls such as the NIST cyber security framework. Individuals must be able to provide subject matter expertise and guidance to operational teams that request or require information security engineering. Candidates should be familiar with security services such as vulnerability management, incident response, event monitoring, threat management, and others.
Specific skills include, but are not limited to, the ability to:
- Thoroughly and accurately understand issues and analyze the problem in a systematic fashion.
- Performing risk assessments for projects, and providing guidance to leadership on the appropriate course of action
- Perform compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices and to information security policy, procedures, and standards.
- Act as trusted security advisor to the Client as initial go-between for Client and the West Monroe Partners Security Operations Team for escalations
- Understand Client’s culture, security strategies, security goals, security objectives, security capabilities, and security budget
- Analyze each client's specific request and determine the underlying problem and recommend proper solution
- Design and create information security and processes (e.g., vulnerability mgmt., incident response, event monitoring, etc.)
- Keep Client abreast of problem status, set clear expectations, and provide timely follow-up to Client
- Independently handle challenging Client situations
- Provide reporting to Client personnel on a regular and ad-hoc basis
- Compiles and analyzes data for management reporting and metrics
- Assist with Client’s change management processes
- Work with client management and provide written and oral status updates; facilitate and lead meetings in both a project and escalated incident setting
- Generate ideas and lead research to develop new service offerings
- Become known as an external thought leader and understand the shifting technical landscape and how to leverage within Managed Services and clients
- Be a thought leader and work to improve or bring new ideas on service delivery best practices
- Build client relationships, obtain referrals and become client thought partner and introduce WMP expertise
- Perform other duties as required or assigned
- 5+ years of similar work experience in security
- Strong Knowledge of security strategy and risk management
- Excellent verbal and written communication and ability to conduct presentations to technical and non-technical groups
- Analyzes potential impact of new threats and communicates risks to relevant business units
- Validates and maintains incident response plans and processes to address potential threats
- Experience conducting research on security topics
- Experience with Incident Handling, Threat Intelligence, Security Architecture and Design
- Detailed knowledge of security technologies and trends
- Understanding of Firewalls, Intrusion Detection Systems, Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Web Application Firewalls, Advanced Malware Defense Appliances, DDOS Prevention, Application Whitelisting, and Network Packet Capture Solutions.
- Excellent organizational, verbal and written communication skills
- Ability and willingness to travel nationally up to 10% and be able to travel to Chicagoland area clients
- Bachelor’s degree preferred
- Strong Knowledge of Security Strategy and Risk Management
- Experience with Information Security Compliance Frameworks like HIPAA, SOX, ISO 27001, ISO 27005, NIST 800-53, NIST 800-30, and PCI DSS is desired.
- Prior experience in a CISO, VP or Director of Security Position
- CISSP, CEH, SANS GIAC series and other certifications that demonstrate a commitment to continued professional information security advancement are expected, but not required
- Project management experience preferred
- Prior recognition as a published writer in the Information Security space
- Previous consulting experience and strong soft skills (active listening, problem solving, conflict resolution, etc.)