Job Summary:
The Industry Specialty Services Manager is responsible for performing cybersecurity framework assessments to determine compliance with Government-mandated contractual cybersecurity regulatory certifications. This includes: Cybersecurity Maturity Model Certification (CMMC) for Maturity Levels 1, 3, and 5, NIST SP 800-171, NIST SP 800-172, NIST SP 800-53 (RMF), ISO 27001, CIS, the NIST Cybersecurity Framework, and many others. This role also serves as a customer-facing vCISO, providing continuous management of customer cyber policies, technical solution implementation, certification process guidance, and incident response.
Job Duties
Applies applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
Knowledge of current and emerging cyber technologies.
Evaluates a system's compliance with information technology (IT) security, resilience, and dependability requirements.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Develops policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
Assesses the effectiveness of NIST 800-171/CMMC security controls.
Designs/integrates a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.
Drafts, staffs, and publishes cyber policy.
Develops methods to monitor and measure risk, compliance, and assurance efforts.
Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Drafts statements of preliminary or residual security risks for system operation.
Maintains information systems assurance and accreditation materials.
Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.
Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks.
Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations.
Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber activities.
Monitors the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
Provides policy guidance to cyber management, staff, and users.
Reviews, conducts, or participates in audits of cyber programs and projects.
Supports the CIO in the formulation of cyber-related policies.
Interprets and applies applicable laws, statutes, and regulatory documents and integrates them into policy.
Promotes awareness of cyber policy and strategy as appropriate among management and ensures sound principles are reflected in the organization’s mission, vision, and goals.
Leverages best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
Supervisory Responsibilities
Serves as a member of the consulting group’s management team
Supervises, develops, and trains associates and senior associates
Reviews and evaluates work prepared by associates and senior associates
Trains associates and senior associates on how to use current software tools and Industry Specialty Services methodology
Schedules and supervises workload of associates and senior associates
Provides verbal and written performance feedback to associates and senior associates
Acts as a Career Advisor to associates and senior associates
Qualifications, Knowledge, Skills and Abilities:
Education
Bachelor’s degree in Cybersecurity, Information Assurance, Information Technology, Software Engineering, Information Systems, Computer Science, or Computer Engineering, required
Advanced degree, preferred
Experience
5 or more years of relevant experience including experience in Cybersecurity, Information Assurance, Information Technology, Software Engineering, Information Systems, Computer Science, or Computer Engineering, required
Prior experience in Risk Management Framework (RMF), Assessing NIST 800-171 or other cybersecurity Framework, required
Prior experience in Cyber Architecture or Systems/Network Administration or serving an IT role, required
License/Certifications
Any of the following certifications is preferred; at least one certification is required to qualify:
Security+
CISSP
CEH
CHFI
CySA+
CCNA Security
CAP
CNDA
CMMC Registered Practitioner
CMMC Certified Assessor
Software
Proficient in Windows 10, Windows Server, Active Directory, and email platforms such as MS Exchange, required
Cloud Platforms a plus (AWS, Microsoft Azure, Microsoft Office 365 GCC High)
Hardware
Familiar with firewalls, VPNs, IPS/IDS, Wi-Fi, routers, network equipment, general security concepts, and secure configuration of network equipment, required
Good knowledge of Network Security design and principles, required
Language
N/A
Other Knowledge, Skills & Abilities
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of emerging technologies that have potential for exploitation by adversaries.
Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
Knowledge of specific operational impacts of cybersecurity lapses.
Excellent oral and written communication skills, specifically business / report writing
Strong analytical and basic research skills
Solid organizational skills especially ability to meet project deadlines with a focus on details
Ability to successfully multi-task while working independently or within a group environment
Proven ability to work in a deadline-driven environment and handle multiple projects simultaneously
Demonstrated command of Cybersecurity Assessment Frameworks (CMMC, NIST 800-171, NIST 800-53, ISO 27001, NIST CSF, CIS)
Ability to follow and apply specific rules and regulations
Ability to work with minimal supervision
About Us
BDO delivers assurance, tax, digital technology solutions and financial advisory services to clients throughout the country and around the globe. We offer numerous industry-specific practices, world-class resources, and an unparalleled commitment to meeting our clients’ needs. We currently serve more than 400 publicly traded domestic and international clients.
Unparalleled partner-involvement
Deep industry knowledge and participation
Geographic coverage across the U.S.
Cohesive global network
Focused capabilities across disciplines
BDO brings world-class resources and exceptional service to each and every one of our clients. BDO USA is a member of BDO International, the world’s fifth largest accounting network.
BDO offers a competitive Total Rewards package that encompasses so much more than "traditional benefits". Our wide range of rewards and our employees' ability to customize rewards to their individual needs are two of the reasons why BDO has been honored with so many workplace awards, including 100 Best Companies for Working Parents, Working Mother 100 Best Companies, Top Entry Level Employer, 2022 National Best & Brightest Companies to Work For and more.
Some Examples Of Our Total Rewards Offerings Include
Competitive pay and eligibility for an annual performance bonus.
A 401k plan plus an employer match
Comprehensive medical, dental, vision, FSA, and prescription insurance from day one
Competitive Paid Time Off with daily accrual from day one of employment, plus paid holidays
Paid Parental Leave
Adoption Assistance
Firm paid life insurance
Wellness programs
Additional offerings include BDO Flex, Group Legal insurance, Pet insurance and Long-Term Care Insurance
Above offerings may be subject to eligibility requirements.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status.
BDO USA, LLP is an EO employer M/F/Veteran/Disability