IT Risk Compliance Director

ASSYST

Tallahassee, Florida

JOB DETAILS
SKILLS
Analysis Skills, Background Investigation, CEH - Certified Ethical Hacker, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Computer Forensics, Computer Hacking, Computer Science, Computer Security, Criminal Justice, Establish Priorities, GIAC - Global Information Assurance Certification, Government, Hunting, Incident Response, Industry Standards, Information Technology & Information Systems, Internet Security, Penetration Testing, Risk, Risk Management, Security Policy, Simulation, Testing
LOCATION
Tallahassee, Florida
POSTED
1 day ago

The IT Risk Compliance Director shall provide on-demand cybersecurity staff augmentation services to support the Department in proactively identifying, analyzing, and mitigating cybersecurity risks across its enterprise environment. The IT Risk Compliance Director services shall include, but are not limited to:

  • Conduct comprehensive vulnerability assessments using industry-standard tools and methodologies;
  • Perform penetration testing using a structured approach progressing from passive to active techniques;
  • Identify and analyze Indicators of Compromise (IOCs), unauthorized access attempts, and data exfiltration risks;
  • Manage misconfigurations and insecure network services;
  • Apply and interpret Common Vulnerability Scoring System (CVSS) for risk prioritization;
  • Conduct threat hunting activities to detect active or persistent threats within enterprise environments; and
  • Provide incident response support, including containment, eradication, and recovery recommendations.

Requirements/Qualifications
A bachelor’s or master’s degree from an accredited college or university in Computer Science, Information Systems, or other related field, or four (4) years of equivalent work experience is required. Relevant experience may be substituted for education on a year-for-year basis when applicable.

The Department requires the following experience, skills, and knowledge for this position:

  • Demonstrated experience providing cybersecurity services for large, complex enterprise environments, preferably within government or criminal justice agencies;
  • Proven track record delivering threat hunting, vulnerability assessments, penetration testing (internal and external), and incident response services;
  • Experience supporting environments subject to Criminal Justice Information Services (CJIS) Security Policy requirements;
  • Ability to provide advisory services, including cybersecurity strategy, governance, risk, and compliance (GRC), and remediation planning;
  • Minimum five (5) or more years of hands-on cybersecurity experience in one or more of the following: threat hunting and threat intelligence, penetration testing and ethical hacking, vulnerability management, and Incident response and digital forensics; and
  • Demonstrated experience operating in both offensive security roles (e.g., red team, penetration testing) and defensive security roles (e.g., Security Operations Center [SOC], blue team, and incident response).
  • NOTE: In addition to the above list, the selected Candidate must successfully complete a Level II Background Check.

Preferred Qualifications

  • The Department prefers the Candidate to have the following experience, skills, and/or knowledge for this position:
  • Experience conducting red team and adversarial simulation exercises;
  • Ability to support cybersecurity roadmap development and maturity assessments;
  • Relevant industry certifications are preferred, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified
  • Professional (OSCP), Global Information Assurance Certification (GIAC), Certified Information Security Manager
    (CISM), and Certified Information Systems Auditor (CISA); and 
  • Experience integrating with client Managed Service Providers (MSPs) and internal IT teams.

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law

About the Company

A

ASSYST

ASSYST is an agile, CMMI Level 3 certified firm that excels at simplifying IT and business processes, removing unnecessary redundancy, and delivering targeted information for faster, smarter decisions to improve operations and productivity. We work closely with stakeholders, cross-functional teams, and other technology and services vendors to develop solutions utilizing rigorous adherence to the CMMI-based processes, Agile Framework (Scrum and SAFe), ITSM/ITIL services model, and ISO standards to achieve consistent process improvement. ASSYST represents a balanced approach to providing continuity of service while evoking innovation, fresh ideas, and practices to actualize modernization initiatives. We work collaboratively with customers and partners on human-centered design, leverage emerging technologies, apply innovation to deliver solution outcomes that improve productivity, user experience, and customer delight.

Our specialties include: Big Data and Analytics, Enterprise Content Management, Information Assurance, Cloud Computing, Knowledge Management, Automation, DoD IT Services, Cybersecurity, Test Engineering, FHIR, HealthIT, Data Science, Azure, Agile, Digital Services, AWS GovCloud, ERP, and SAFe

COMPANY SIZE
100 to 499 employees
INDUSTRY
Computer/IT Services
FOUNDED
1993
WEBSITE
https://www.assyst.net/