Senior Cyber Risk Consultant (Remote-U.S. Based)

Title: Sr. Cyber Risk Consultant

Work Location: Remote

Reports To: Director of Advisory Services

Travel: Up to 50%

Business Hours: Mon-Fri  

Summary:

Since 2009, Kivu has provided incident response, risk management, and forensics investigation services to clients around the globe. Kivu is well known in the cyber security industry for our high level of technical expertise and legally sound, practical business solutions. We are a leading provider of incident response and digital forensic services to the cyber insurance community in North America and Europe.

Required Knowledge, Skills, Abilities:

• Minimum of 5 years of conducting NIST CSF and HIPAA assessments and/or
• Minimum of 5 years of information security experience (Incident Response, Vulnerability Management, Risk and Governance, Threat Intelligence, Security Architecture, etc.) and/or
• Minimum of 5 years developing and managing incident response capabilities across multiple departments in an enterprise environment (IR Plans, Playbooks, Tabletop exercises, etc.) and/or
• Ideally experience leading a team or projects
• Excellent communication skills, both verbal and written

Preferred Requirements:

• Positive attitude with flexibility and a willingness to work as a team, support our clients, learn, and grow.
• Experience with cyber security assessments, NIST CSF 2.0, ISO 27001/2, and HIPAA/privacy Assessment
• Understanding of at least one framework: ISO 27001/2, FISMA, PCI, HITRUST, NIST 800-series, CoBIT, PCI, etc
• Experience briefing Senior Executives or Boards of Directors
• Understanding of vulnerabilities and tools used to discover, analyze, and exploit vulnerabilities
• Weekend and /or international travel may be required. The candidate should possess or be able to possess a passport and be able to travel internationally
• Demonstrated ability to manage all facets of a client offering, including scoping, kickoff, development, delivery, and post-delivery responsibilities
• Bachelor’s degree in computer science, information systems, information assurance, or equivalent work experience
• Technical or professional certifications such as EnCE, CEH, GCIH, GCFA, CISA or CISSP, etc.
• Experience developing and delivering Incident Response or Business Continuity/Disaster Recovery tabletop exercises is a big plus
• Consulting experience is a big plus
• Proactive incident response experience is a big plus
• Networking and system administration experience (Windows and Unix/Linux) is a plus
• Operational experience with security tools (firewalls, IDS, IPS, SIEMs, etc.) is a plus
• Familiar with tactics, techniques, and procedures commonly employed by threat actors, and their motivations is a plus
• Experience with audits or conducting audits a plus
• Experience with common computer forensic / incident response tools and processes a plus

Responsibilities and Duties:

• Conduct and serve as an expert consultant for NIST CSF 2.0 framework, ISO 27001/2, HIPAA assessments and HIPAA privacy rule assessments
• Design, develop, and deliver incident response exercises to test client incident response plans based on the latest threat intelligence and the client’s goals and objectives; oversee the delivery of exercises by other consultants; deliver incident response exercises to senior executives and Boards of Directors.
• Develop and deliver detailed incident response plans and playbooks based on client needs
• Contribute to the continual improvement of services that we deliver to clients and the processes that the team utilizes to deliver them
• Provide objective, actionable, and complete guidance that enables and improves our clients’ incident management capabilities
• Conduct assessments of client readiness to respond to incidents, including designing and delivering incident response exercises to test client incident response capabilities; review the assessments of other consultants
• Support the development of complex incident response exercises based on the latest threat intelligence and client goals and objectives, review analysis and conclusions of other consultants
• Document findings, develop recommendations and present both orally and in written reports; coach, teach and mentor junior consultants with their ability develop recommendations and present both orally and in written reports
• Promote Kivu by participating in external speaking engagements, writing whitepapers and blogposts, and ensuring identification of opportunities for additional support to be provided to clients
• Develop and deliver training courses, focused on incident response topics
• Coach, teach and mentor junior staff
• May require up to 50% travel

Equipment Used:

All equipment required to perform duties and tasks were previously described.

Physical / Environmental Factors:

The physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Kivu Consulting considers applicants for all positions without regards to race, color, national origin, age, religion, sex, marital status, veteran or military status, disability, or any other legally protected status. Kivu Consulting is an Equal Opportunity Employer.

Benefits:

• Flexible PTO
• Medical, Dental, and Vision
• 401k
• Remote Work

Compensation$100,000 - 140,000