Cybersecurity Senior Manager

About CFGI:

CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles from technical accounting advisor, M&A support, tax services, etc. delivering seamless support services.

Technical and Domain Experience:

· Build cybersecurity process risk and control frameworks for clients that are rationalized against applicable laws and standards.

· Conduct risk assessment and cybersecurity maturity assessments for clients.

· Guide clients in establishing cybersecurity policies, standards, and procedures.

· Manage cybersecurity training & awareness services for clients from design to implementation.

· Advise clients on cybersecurity functions’ metrics and reporting for various levels of client audiences, including Audit Committees and Board of Directors.

· Provide governance services for clients to oversee their cybersecurity functions and practices, including governance over: policies and procedures, risk management, vulnerability management, incident management, etc.

· Build risk management practices for clients, including policies, procedures, Risk Register, etc.

· Previous experience as a systems administrator, systems engineer, or security analyst.

· Understanding of operating system hardening principles, network design principles, and systems security.

· Understanding of various cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations).

· Understanding of security analysis, security events, and penetration testing.

· Minimum of 8-10 years experience.

Process and Project Management Experience:

· Ability to prioritize and multi-task, with flexibility and adaptability in work approach.

· Ability to manage project plans for client various data privacy engagements, including creating tasks, timelines, and budgets.

· Ability to report to leadership and clients on status updates periodically, including progress and challenges.

Soft Skills:

· Strong interpersonal and communication skills; experience with cross-cultural communications.

· Calmness and clarity of thought under pressure and ability to maintain confidentiality.

· Train other staff and external clients, as necessary.

· Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness.

· Manage a team of consultants and managers on various projects.

Technical Qualifications and Certifications:

· Bachelor’s degree in business, computer science, information systems, engineering, or a related discipline.

· Strong knowledge in national and global industry practices and regulations in cybersecurity and data privacy, including NIST CSF, CIS, PCI DSS, HIPAA, ISO27001, CMMC, FedRAMP, SOX, GDPR, CCPA, etc.

· Industry certifications are preferred, but not required: CISSP, CISM, etc.