Forum Posts

Loredana Niculae
Leading Contributor
Jul 07, 2023
In Job Bord
Job Summary: The Industry Specialty Services Manager is responsible for performance of cybersecurity framework assessments to determine compliance with Government-mandated contractual cybersecurity regulatory certification. This includes: Cybersecurity Maturity Model Certification (CMMC) for Maturity Levels 1, 3, and 5, NIST SP 800-171, NIST SP 800-172, NIST SP 800-53 (RMF), ISO 27001, CIS, the NIST Cybersecurity Framework, and many others. This role also serves as customer-facing vCISO, providing continuous management of customer cyber policies, technical solution implementation, certification process guidance, and acting as incident responder.

Job Duties
- Applies applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
- Knowledge of current and emerging cyber technologies.
- Evaluates a system's compliance with information technology (IT) security, resilience, and dependability requirements.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Develops policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
- Assesses the effectiveness of NIST 800-171/CMMC security controls.
- Designs/integrates a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
- Drafts, staffs, and publishes cyber policy.
- Develops methods to monitor and measure risk, compliance, and assurance efforts.
- Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
- Drafts statements of preliminary or residual security risks for system operation.
- Maintains information systems assurance and accreditation materials.
- Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.
- Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
- Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks.
- Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations.
- Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber activities.
- Monitors the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
- Provides policy guidance to cyber management, staff, and users.
- Reviews, conducts, or participates in audits of cyber programs and projects.
- Supports the CIO in the formulation of cyber-related policies.
- Interprets and applies applicable laws, statutes, and regulatory documents and integrates them into policy.
- Promotes awareness of cyber policy and strategy as appropriate among management and ensures sound principles are reflected in the organization's mission, vision, and goals.
- Leverages best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Supervisory Responsibilities
- Serves as a member of the consulting group's management team
- Supervises, develops, and trains associates and senior associates
- Reviews and evaluates work prepared by associates and senior associates
- Trains associates and senior associates on how to use current software tools and Industry Specialty Services methodology
- Schedules and supervises workload of associates and senior associates
- Provides verbal and written performance feedback to associates and senior associates
- Acts as a Career Advisor to associates and senior associates

Education Qualifications, Knowledge, Skills and Abilities:

Education
- Bachelor's degree in Cybersecurity, Information Assurance, Information Technology, Software Engineering, Information Systems, Computer Science, or Computer Engineering, required
- Advanced degree, preferred

Experience
- 5 or more years of relevant experience including experience in Cybersecurity, Information Assurance, Information Technology, Software Engineering, Information Systems, Computer Science, or Computer Engineering, required
- Prior experience in Risk Management Framework (RMF), assessing NIST 800-171 or other cybersecurity frameworks, required
- Prior experience in Cyber Architecture or Systems/Network Administration or serving in an IT role, required

License/Certifications
Any of the following certifications are preferred; at least 1 certification will be required to qualify: Security+, CISSP, CEH, CHFI, CySA+, CCNA Security, CAP, CNDA, CMMC Registered Practitioner, CMMC Certified Assessor

Software
- Proficient in Windows 10, Windows Server, Active Directory, email platforms such as MS Exchange, required
- Cloud platforms a plus (AWS, Microsoft Azure, Microsoft Office 365 GCC High)

Hardware
- Familiar with firewalls, VPNs, IPS/IDS, Wi-Fi, routers, network equipment, and general security concepts and secure configuration of network equipment, required
- Good knowledge of network security design and principles, required

Language
N/A

Other Knowledge, Skills & Abilities
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of emerging technologies that have potential for exploitation by adversaries.
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Excellent oral and written communication skills, specifically business / report writing
- Strong analytical and basic research skills
- Solid organizational skills, especially ability to meet project deadlines with a focus on details
- Ability to successfully multi-task while working independently or within a group environment
- Proven ability to work in a deadline-driven environment and handle multiple projects simultaneously
- Demonstrated command of Cybersecurity Assessment Frameworks (CMMC, NIST 800-171, NIST 800-53, ISO 27001, NIST CSF, CIS)
- Ability to follow and apply specific rules and regulations
- Ability to work with minimal supervision

About Us
BDO delivers assurance, tax, digital technology solutions and financial advisory services to clients throughout the country and around the globe. We offer numerous industry-specific practices, world-class resources, and an unparalleled commitment to meeting our clients' needs. We currently serve more than 400 publicly traded domestic and international clients.
- Unparalleled partner-involvement
- Deep industry knowledge and participation
- Geographic coverage across the U.S.
- Cohesive global network
- Focused capabilities across disciplines

BDO brings world-class resources and exceptional service to each and every one of our clients. BDO USA is a member of BDO International, the world's fifth largest accounting network. BDO offers a competitive Total Rewards package that encompasses so much more than "traditional benefits". Our wide range of rewards and our employees' ability to customize rewards to their individual needs are two of the reasons why BDO has been honored with so many workplace awards, including 100 Best Companies for Working Parents, Working Mother 100 Best Companies, Top Entry Level Employer, 2022 National Best & Brightest Companies to Work For and more.

Some Examples Of Our Total Rewards Offerings Include
- Competitive pay and eligibility for an annual performance bonus.
- A 401k plan plus an employer match
- Comprehensive medical, dental, vision, FSA, and prescription insurance from day one
- Competitive Paid Time Off with daily accrual from day one of employment, plus paid holidays
- Paid Parental Leave
- Adoption Assistance
- Firm paid life insurance
- Wellness programs
- Additional offerings include BDO Flex, Group Legal insurance, Pet insurance and Long-Term Care Insurance

Above offerings may be subject to eligibility requirements.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status. BDO USA, LLP is an EO employer M/F/Veteran/Disability
Loredana Niculae
Leading Contributor
Jul 07, 2023
In Job Bord
The Information Security Manager (ISM) acts as an interface between the strategic activities and the tactical work of the technology-focused members of the Tech Services organization. The ISM is able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The ISM coordinates the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management.

Primary Location...
The ideal Information Security Manager candidate resides in either Tucson, AZ, working out of Nova Home Loan's Corporate office, or will reside in Phoenix, AZ, working remotely.

Evolving as an Information Security Manager by having…
- 5 years of hands-on experience in the information technology field, with 2+ years in information security administration.
- Familiarity with applicable legal and regulatory requirements, including, but not limited to, GLBA and CCPA.
- CISSP, CISM or CEH certifications preferred.
- Bachelor's degree or equivalent work experience

Exciting Opportunities to Grow by…
- Perform risk, business impact and vulnerability assessments.
- Identify and implement tools to improve information security.
- Mentoring and training of junior level staff
- Responsible for managing and implementing NOVA's incident response program
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
- Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the VCISO with a realistic overview of risks and threats in the enterprise environment.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Other duties as assigned

Show Us Your Growth With...
- Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
- Experience working with legal, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards, and guidelines.
- Experience with common information security management frameworks (CIS Top 20 preferred).
- Ability to work effectively with business managers, production, and operations staff as well as IT engineers, technicians, and administrators.
- Understanding of Agile process management principles.
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Excellent organization skills.
- Excellent troubleshooting/critical thinking skills.
- Ability to adapt in a fast-paced environment and manage multiple ongoing projects with competing deadlines.
- Ability and desire to learn new skills quickly
- Ability to maintain confidentiality with sensitive customer and internal information
- Experience in leading project teams
- Experience in developing and managing projects

Benefits Offered...
NOVA benefits to full time employees include Employee Discount, Paid Time Off, Health/Dental/Vision/Life/Disability Insurance, 401(k) with an employer match, Health Savings Account with employer contribution, and an Employee Assistance Program.

NOVA® Home Loans is an Equal Opportunity Employer and does not discriminate based on race, color, religion, national origin, sexual orientation, gender, pregnancy, age, disability, or any other protected classification under federal or state law. Reasonable accommodations may be made for persons with disabilities. Please contact Nova's Human Resources Department if you have any questions or concerns regarding any employment related issue.
Loredana Niculae
Leading Contributor
Jul 07, 2023
In Job Bord
CBIZ · Tampa, FL (Remote) · $175,000/yr · Full-time · Mid-Senior level

CBIZ Risk & Advisory Services offers consulting, outsourcing and co-sourcing services to public and private companies of all sizes by providing national caliber expertise combined with highly personalized service. As part of CBIZ (NYSE: CBZ), one of the top financial services providers in the country, CBIZ Risk & Advisory Services provides internal audit, Sarbanes-Oxley compliance, cybersecurity, supply chain management, ESG and risk consulting services to leading businesses across North America.

With over 120 offices and nearly 7,000 associates throughout the U.S., CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level.

As part of CBIZ (NYSE: CBZ), one of the top financial services providers in the country, CBIZ Pivot Point Security, a business unit of CBIZ Risk & Advisory Services, provides governance, risk, and compliance (e.g., ISO 27000 series, SOC 1 & 2, CMMC, FedRAMP, NIST-800 series, etc.), cloud security, network and application assessments and penetration testing, third-party & supply chain risk management, and virtual Chief Information Security Officer services to leading businesses across North America.

We are looking for a Senior Advisory Consultant to consult and advise our clients on designing, implementing, and managing Information Security Management Systems (ISMS) to protect their organization's infrastructure and maintain compliance with various regulations, standards, and frameworks (ISO 27001, HIPAA, SOC 2, etc.). You will be responsible for working with our client's senior leadership and internal IT teams to advise and ensure security actions are evaluated, validated, and implemented as required.

To be successful as a Senior Advisory Consultant, you should have expert analytical skills and in-depth knowledge of information security practices to proactively identify and prevent a wide range of security threats in client environments. Top candidates will also be excellent communicators, training and educating our client's key stakeholders in various information security topics. If you thrive in a dynamic environment, like challenges, and believe work and fun are not mutually exclusive, you may be the one we're looking for. We need team players who are smart and creative, love IT assurance, and want to grow with a growing company: who are as comfortable talking with senior management about certification or attestation strategies as they are with a Developer or System Administrator about securing microservices or the latest Windows exploit.

Essential Functions and Primary Duties:
- Consulting with our client's senior management team and their internal IT departments to improve their information security posture.
- Promote awareness of security issues among client management and ensure sound security principles are reflected in the organization's vision and goals.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Continuously validate client organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Identify alternative information security strategies to address organizational security objectives.
- Keeping up to date with developments in the threat environment, as well as privacy and security standards.
- Conducting and/or participating in gap, risk, and business impact assessments.
- Documenting ISMS policies and procedures, updating policies and procedures, and monitoring to ensure compliance with security policies.
- Leading/overseeing third-party risk programs and assessments for clients.

Preferred Qualifications:
- Personal integrity, a highly transparent nature, and a mind-set of "mutual benefit".
- Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
- Has very high "Self-Expectation" (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
- Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child's first school play and that it does not matter if the report gets done at 3:00 PM or 10:00 PM, if it gets done).
- Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
- Effectively and proactively communicates in writing/speech both internally/externally, from the server room to the board room.
- The ability to "work from anywhere", as this role is remote/virtual in nature.
- A good sense of humor and the ability to laugh at themselves.
- Applicable Information Security and Technology experience to contextualize and make recommendations relevant and valuable.
- Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, CCSA, MCSE, CEH, OSCP).
- Experience working as a consultant managing/leading multiple client projects.
- Experience authoring policies and procedures.
- Experience with the myriad of regulatory compliance or privacy frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP, GDPR, CCPA).
- Familiarity with related standards/frameworks (e.g., Secure Control Framework, SSAE-16 SOC1, ISO 27001, NIST 800-171, NIST CSF, CMMC, SOC2, ISO-22301, ISO-9001).
- A general understanding of cyber security technologies or security issues such as: Hardware or Virtual Network Firewalls, Cloud Native Firewalls, Identity and Access Management (IAM), Zero Trust, Cloud Access Security Brokers (CASB), Secure Web Gateways (SWG), Distributed Denial of Service (DDoS) protection, Web Application Firewalls (WAF), and Network Detection and Response (NDR).

Minimum Qualifications:
- Bachelor's degree required
- 6 years of experience in related field
- 3 years of supervisory experience
- Must have and preserve required licenses
- Ability to manage all aspects of client engagements
- Demonstrated ability to communicate verbally and in writing throughout all levels of organization, both internally and externally
- Proficient use of applicable technology
- Must be able to travel based on client and business needs

The estimated rate of pay for this job is $117,638 - $179,516/year, which may vary based on education, experience, geographic location, or other job-related factors. The compensation above is not representative of an employee's total compensation. Beyond income, you have access to: comprehensive medical and dental insurance, retirement savings, life and disability insurance, health care and dependent care reimbursement accounts, certification incentives, education assistance, referral program and much more.

CBIZ.Jobs Category: Advisory

REASONABLE ACCOMMODATION
If you are a qualified individual with a disability you may request reasonable accommodation if you are unable or limited in your ability to use or access this site as a result of your disability. You can request a reasonable accommodation by calling 844-558-1414 (toll free) or send an email to

EQUAL OPPORTUNITY EMPLOYER
CBIZ is an affirmative action-equal opportunity employer and reviews applications for employment without regard to the applicant's race, color, religion, national origin, ancestry, age, gender, gender identity, marital status, military status, veteran status, sexual orientation, disability, or medical condition or any other reason prohibited by law. If you would like more information about your EEO rights as an applicant under the law, please visit these following pages
Loredana Niculae
Leading Contributor
Sep 08, 2021
In General Discussion
Do you go more for outsourced hires, or do you try to integrate more tools?
Loredana Niculae
Leading Contributor
Jun 24, 2021
In General Discussion
What are the differences between a CISO and a vCISO?
Loredana Niculae
Leading Contributor
Jun 22, 2021
In General Discussion
How important is a vCISO in keeping your business safe from a ransomware attack?