ECC IT Solutions, a leading managed service provider and IT consultancy, based in Rockville, Maryland, has an immediate opening for a highly motivated Director of Security Governance, Risk and Compliance; a strategic leader with excellent stakeholder management skills, who can create and deliver enterprise-class security governance, risk, and compliance solutions to the company and our clients.

Reporting to the Managing Director and the company’s executive leadership team, the Director of Security Governance, Risk and Compliance will be expected to have a deep level of expertise and vast knowledge base in core information security governance, risk, compliance, and private domains. It is critical that the candidate be able to present complex solutions and topics in a concise manner.  The candidate must be comfortable blending multiple service offerings and deliverables into a single aggregate final risk report/deliverable and executive presentation for audiences of all levels and skillsets.

Additionally, the ideal candidate will drive transformational change in how we manage security risks both internally and with our clients. This is a critical client-facing role where you will be seen as the go-to person for the design, implementation and ongoing management of threat prevention assessments, certifications, mitigation strategies and related technology solutions. This is a hands-on position that will require you to be growth-oriented, strategic, and technical.


  • Act as the primary point of contact for all IT security related matters
  • Build relationships with and win the confidence of prospects and clients, working closely with them to understand their businesses and assist in identifying and mitigating risks within their IT infrastructure
  • Embed security as part of key business processes to ensure security risks are identified and remediated in a timely manner
  • Lead customer engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards
  • Provide clear, organized findings and recommendations to clients and track progress towards resolution and compliance
  • Develop strategic, operational, and tactical recommendations tailored to each customer with the intent to improve a customer’s security posture and compliance position
  • Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations
  • Develop security policies, standards, and procedures that are custom-tailored to each customer’s unique culture, security goals, and organizational objectives using industry best practices and compliance requirements
  • Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine organizational security risk
  • Ensure and assess customer alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements, and best practices standards such as ISO 27001, NIST CSF, HIPAA, FERPA, NERC CIP, NIST 800-171, CMMC, etc.
  • Work closely with organizations to conduct security program development by establishing the foundation for a best-of-breed security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST Cyber Security Framework (CSF), etc.
  • Educate, mentor, advise, and share your expertise with clients and teams to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects
  • Collaboratively work with teams on the execution and delivery of key services such as vCIO advisory services, security program development, quarterly business reviews, documentation review, and security consulting services
  • Lead cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other internal cybersecurity activities
  • Lead the delivery of security compliance initiatives for the company and our clients
  • Own the security proposition for the company and clients, including development and dissemination of all security communications, both internal and external
  • Lead security-related incident decision making, response and communications
  • Manage security standards and policy frameworks as well as Cyber Security Training & Awareness Programs for both the company and clients
  • Other duties as assigned

Critical Attributes

  • Motivated leader with the experience to inspire, mentor, and coach teams
  • Desire to grow the business by identifying cross-sell/up-sell opportunities with prospects and clients
  • Excellent analytical, technical, and problem-solving skills, with strong attention to detail
  • Exceptional verbal and written communication, collaboration, and time management skills

Education and Experience

  • Bachelor’s Degree in management/computer information systems, computer science, accounting information systems, computer engineering, industrial engineering, or related program or the equivalent work and/or military experience
  • 5-10+ years’ experience conducting information security risk and compliance assessments and cybersecurity audits as well as remediation plans
  • Current information security certifications such as CISM, CISA, CISSP, CIA, CPA, or ISO 27001 LI preferred
  • Experience with one, some, or all of the following industries:
    • Government Contracting
    • Nonprofit
    • Healthcare
    • Biotechnology
    • Technology
    • Real Estate
  • Experience with one, some, or all of the following frameworks:
    • NIST Cyber Security Framework (NIST CSF)
    • Cybersecurity Maturity Model Certification (CMMC)
    • ISO 27000/27001/27002
    • NIST SP 800-171
    • NIST SP 800-53
    • DFARS 252.204-7012, 7019, 7020 and 27021
  • Previous experience as a consultant with a leading consultancy highly desired
  • Working knowledge of security testing and audit platforms
  • Proficiency in Microsoft Word, Excel, and PowerPoint

Other Qualifications

  • In-depth knowledge of best practices in security governance, value, and capability management, and security risk management
  • A clear influencer with strong leadership skills, including negotiation and conflict management combined with a strong service orientation
  • Comfortable presenting security concepts and/or findings to both highly technical and entirely non-technical audiences
  • Extensive knowledge in the assessment of security controls and security risk as well as management of remediation activities and programs
  • Ability to work closely with cross-functional departments within the company and the client
  • Strong analytical skills, highly organized, and excellent communication and presentation skills
  • Project management skills to support multiple complex assignments simultaneously
  • Experience managing and working with internal and external stakeholders, including auditors, executive leadership, etc.
  • Ambitious and goal-oriented, with the initiative to work until the job is complete
  • Willingness to learn from our close-knit group as well as contribute thoughts, tools, industry news or lessons learned
  • Ability to maintain tact, composure, and professionalism in an interrupt-driven environment and/or when challenged by customers
  • This is a customer-facing role. You will be expected to travel (up to 30%) to client sites delivering professional services as needed

U.S. Citizenship Required

As an ECC IT Solutions employee, you will be able to learn, lead, serve and be recognized for your contributions. Individuals who thrive at ECC IT Solutions are motivated, talented, serious, and diligent and want to join and remain a part of a winning team. Our goal is to provide rewarding career opportunities and invest in the success of our employees. We offer opportunities for career advancement and continued education, a great employee benefits package, and a relaxed work environment.

About ECC IT Solutions

ECC IT Solutions delivers cost-effective and results-driven managed IT support services, network security, cloud computing, storage protection, disaster recovery, computer upgrade and support services, and IT infrastructure assessment and design. We work closely with clients to bring specialized knowledge, invaluable skills, and certified professionals to address their critical technology and business process needs. For more information about ECC IT Solutions, please follow us on Facebook and Twitter.