The Security & Compliance Practice Manager plans and directs security development and compliance engagement, pre-sales and post-sales. This position is accountable for helping to ensure alignment and delivery of all security and compliance services and solutions. This role requires extensive IT security, regulatory and compliance knowledge, as DataEndure delivers security consulting, compliance services, and managed security services to customers, ranging from governance, risk and compliance (GRC) assessments to security controls testing, penetration testing, security and compliance product implementation, managed security services and managed compliance services.
The role requires the ability to work with customers during the pre-sales stage to understand the various security and regulatory controls in place, in order to determine gaps and recommend products and consulting work effort to close those gaps, and ultimately to help decide the process and technology controls to be recommended to the customer. Experience reviewing penetration tests, risk assessments, and IT audits, and with the implementation of the related technology recommendations, such as access control tools, privileged account management, vulnerability testing, and perimeter security such as NGFW, two-factor, and Cloud Access Security Brokers (CASB), is strongly preferred, as is experience with GRC platforms.
- Create and maintain core messaging, pre-sales strategy and post-sale delivery
- Support Account Executives and Solution Architects to assess, qualify, position and close sales opportunities
- Develop SOWs, including the phases, scoping, pricing, and specific tasks to be performed for the customer.
- Create and maintain all security practice messaging
- Create and maintain all consulting practice messaging
- Facilitate partner development and management
- Evaluate and recommend security products and delivery partners
- Evaluate and recommend compliance products and delivery partners
- Continued development and evolution of the Security Practice and Managed Security offerings
- Continued development and evolution of the Compliance Practice and Managed Compliance offerings
Experience and Skills:
- Thorough knowledge and understanding of security best practices, operations, regulations and solutions including NIST CSF, CIS, ISO, PCI, HIPAA, GDPR, CCPA.
- Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security protocols.
- Excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Good understanding of system technology security testing (vulnerability scanning and penetration testing).
- Knowledge of systems, applications, databases, middleware to address security threats against the same.
- Proficient in preparation of reports, dashboards and documentation
- Knowledge of common Internet protocols, network analysis, and network/security applications
- Ability to multi-task, prioritize, and manage time effectively
- Excellent interpersonal skills and professional demeanor
- Excellent verbal and written communication skills
- Proficient in Microsoft Office Applications
- Experience in performing vendor management
- Ability to handle high pressure situations with key stakeholders
The successful candidate will possess the personality traits, work habits, communication, and social skills necessary to work effectively within a dynamic and highly operational environment. This person will have exemplary personal and professional integrity and demonstrate strong interpersonal skills. In addition, the qualified candidate will have a strong desire to succeed in a nationally and internationally recognized operational environment.
- Bachelor’s or Master’s degree in a related field or equivalent demonstrated experience and knowledge
- Applicants must have ability to work in U.S. without sponsorship and a valid Driver’s License
- Proven experience in information security, including developing information security policies and plans
- Experience in security remediation processes and technologies including patch management, change management, incident response, vulnerability management, and access control. Specific product experience is a plus.
- Strong decision-making, analytical & problem-solving skills to provide direction, identify & resolve issues
- Strong communication, facilitation and presentation, and training skills to communicate with a diverse group of employees and vendors
- Proven ability to manage multiple vendors and their alignment
- Knowledge of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
- Strong familiarity with ISO 27001, FedRAMP, and NIST CSF governance and risk management frameworks
- Prefer familiarity with EU General Data Protection Regulation (GDPR) requirements
- Familiarity with AICPA SOC2 audit process and required artifacts
- Familiarity with international compliance requirements a plus
- Familiarity with risk and vulnerability management tools and techniques
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Security Consulting background a plus
- Security Essentials Certification (GSEC)
- Certified Ethical Hacker (CEH)
- Certified Penetration Tester (CWAPT)
- Certified Information Systems Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Network+
- CompTIA Security+
This position is a Sales Engineering role and as such will require customer-facing skills and 50% travel.
DataEndure offers a competitive compensation plan with great earning potential. Our benefits include medical coverage, dental coverage, disability, life insurance, 401K and an amazing work environment!