Director, Cyber Security Services
Stroz Friedberg’s Cyber Resilience team is a trusted adviser to the world’s most sophisticated organizations to help them protect their most important assets and continually improve their approach to cyber risk. When our clients suffer a breach or cyber attack, our incident responders act in real time to contain issues and crisis situations. Our team comprises a collection of bright minds in cybersecurity, with expertise in incident response, penetration testing / red teaming, malware decryption, decoding and reverse engineering, application, network and cloud security and security governance advisory. We are also Certified Information Systems Security Professionals, and Information Privacy Professionals. We are ISO 27001 (Cyber) certified across multiple service lines (cyber resilience and digital forensics) in seven U.S. cities and the UK, where we have also obtained Cyber Essentials certification. Additionally via our Gotham Digital Science subsidiary, we are certified to offer the industry leading CREST (the Council of Registered Ethical Security Testers), STAR (Simulated Target Attack and Response), and CBEST cybersecurity testing services.
With thirteen offices across the globe and the ability to leverage Aon’s presence in 120 countries, Stroz Friedberg can provide a global presence to our clients to address all their cyber security requirements. Our organization will enable you to stand-out and operate on the front lines as an innovative practitioner, allowing you to showcase performance excellence and drive success for our clients, the firm and yourself.
This Director will be part of a cross-functional security risk team that gathers technical and procedural information, deploys necessary tools to test and validate IT infrastructure, identifies vulnerabilities, analyzes information derived from engagements to determine information security risks and provides remediation assistance.
The responsibilities of this position include but are not limited to the following:
- Assess and investigate client IT security programs and environments via interviews and technical information analyses.
- Understand existing client processes and controls with respect to electronic and non-electronic information security.
- Develop client security programs by reviewing existing programs; conducting comprehensive reviews of threats; evaluating and analyzing relevant data points.
- SOC Strategy Development: Architecting and design of security solutions (SIEM, IDS, etc.) for client environments.
- Develop Information Security Plans and Policies, including those for Incident Response, customized to client requirements and risk profile.
- Coordinate with Stroz Friedberg security specialists, incident response handlers, digital forensic experts, network engineers, system engineers and Web application engineers to explore and report on specific security risk issues in depth.
- Provide recommendations on IT solutions to help clients manage information security risk.
- Manage third party relationships relating to additional security services as required (e.g., penetration testing).
- Assess IT network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow and access control models.
- Document results of security risk analyses and formally present to clients.
- Formulate executive level recommendations related to Information Security strategy.
- Understand current regulatory environment and related implications to security management compliance.
- Enhances team competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Assist with engagement strategy and delivery of solutions.
- Assist with preparing reports by collecting, analyzing, and summarizing data trends in the industry.
- Track emerging security practices and contribute to building internal processes.
The ideal candidate would have 10+ years in progressively sophisticated roles in information security engineering and/ or IT architect The position requires a strong, diverse technical background and truly exceptional oral and written communications skills. The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. This position calls for an individual who exhibits thoughtful introspection but is also able to assess a broad spectrum of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel. Finally, personal flexibility and the ability to travel globally is required.
Essential Job Functions
This leadership position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent and precise reports on a multiplicity of complex technical issues is essential.
- 10+ years of IT security engineering with an emphasis on network security and/ or security operations.
- Excellent written and verbal communication skills.
- IT security certifications (CISSP, CISM, GIAC, OSCP) a plus.
Bachelors Degree in computer science or information technology. Masters degree in information/computer science or a technology-related field preferred.Note: This job description is intended to describe the general nature and level of work being performed by employees in this position. It is not intended to be an exhaustive list of all responsibilities, duties, and skills required for this position; other duties outside of normal responsibilities may be performed as necessary to meet the needs of the organization.
Background Investigation Notice: Offers of employment are contingent upon our receipt of references consistent with our expectations, the results of pre-employment background checks, and execution upon an employee’s arrival of our confidentiality and non-compete agreement.Stroz Friedberg is an equal opportunity employer.
Stroz Friedberg is a leading professional services firm specialized in investigations, intelligence and risk management. To help our clients manage risks, we have assembled a collection of the brightest minds in the fields of Digital Forensics, Incident Response, Security Science, Intelligence and Investigations, Data Discovery, Forensic Accounting and Compliance. With twelve offices across the globe, Stroz Friedberg is on an exciting growth trajectory, and the size of our organization will let you stand-out and operate on the front lines as an innovative fact-finder, allowing you to showcase performance excellence and drive success for our clients, the firm, and yourself. Join our mission. Seek Truth.
Company Type: Privately Held
Company Size: 201-500