
    Director of Security Compliance - Washington DC, United States - Burns & McDonnell

    Description

    Director of Security Compliance - Industrial Cybersecurity Consulting & Co. (Multiple Locations) Washington, District of Columbia

    • Job: Consulting
    • Primary Location: Washington, DC
    • Schedule: Full-time
    • Travel: Yes, 25% of the time

    1898 & Co. is looking for its next leader within the Security & Risk Consulting group focused on helping our clients secure their operational technology and assets. The Director of Security Compliance within the Industrial Cybersecurity Consulting group will lead the group of Governance and Compliance Consultants that provide consulting service offerings from 1898 & Co.'s Security & Risk Consulting group, reporting to the Security & Risk, Consulting Business Line Leader.

    1898 & Co. is a global business, technology and security consultancy serving critical infrastructure industries. We partner with clients to plan, secure, and optimize their business. As part of Burns & McDonnell and our 120 years of industry experience, we understand the complexity of the asset-intensive business model, the trends impacting the industry, and the need to ground big ideas in operational realities.

    We have a group specifically focused on industrial cybersecurity. When it comes to industrial cybersecurity, critical infrastructure industries face unprecedented challenges. The risk of cyber sabotage is on the rise. And evolving technologies create complexities that are increasingly difficult to manage. Our team is among the small pool of professionals who can operate at the intersection of critical infrastructure and cybersecurity.

    We're looking for someone ready to take the lead of the Security Compliance team with an entrepreneurial spirit and to implement our core values into their work. 1898 & Co. has the feel of a start-up, with the support of Burns & McDonnell's vast resources. It's what makes us unselfish collaborators. We proactively walk the talk to create bigger opportunities through sharing, communicating, and candidness. We are energy-givers who maintain a broader view of success, prioritizing others' needs and goals in addition to our own.

    1898 & Co.'s Business Lines facilitate a strategic approach to selling services, developing staff, and maintaining client relationships. The Director of Security Compliance's primary responsibility is to help lead the Security Compliance Delivery team to meet the near-term goals and long-term vision for the Business Line that supports the growth of 1898 & Co. The Director of Security Compliance displays grit in their leadership role and the work they deliver. They are confident and willing to take it to the next level.

    The Director of Security Compliance will be required to lead a team of Governance and Compliance consultants that work with numerous entities within a variety of industries, including energy, utilities, manufacturing, and government.

    What You'll Do:

    As a Director of Security Compliance, you will be responsible for and manage the Security Compliance group within the Business Line of Industrial Cybersecurity Consulting service offerings. You'll work with the Consulting Business Line Leader to support overall business planning, while being responsible for the Security Compliance group's Profit and Loss. You'll lead the group of Security Compliance Consultants responsible for project execution, and team leadership. Key responsibilities will include:

    Support the Consulting Business Line to help create, develop, manage, and communicate the strategic direction of the Consulting Business Line. In collaboration with the Business Line Leader, you'll help set financial targets for the Security Compliance team, such as sales, revenue, profitability, and chargeability, as well as budgets for overhead expenses, such as marketing trips, conferences, software, certifications, etc. You'll help prepare and manage a business plan for the strategic growth of the Consulting Business Line, including expansion of current and new service offerings, marketing activities, client retention and acquisition, and staff growth plan.

    Support a team of Governance and Compliance consultants to facilitate timely, quality, and profitable execution of projects within the Business Line and serve as quality control leader for deliverables. You're accountable for key financial performance metrics within the Business Line and the execution of projects.

    Serve as an Offering Leader on all aspects of project execution, including scope, schedule, and budget, and ensure quality control of deliverables. You'll analyze and communicate project status, risks, schedule, and costs to all internal and external stakeholders. You'll lead multi-discipline teams of engineers and analysts. Your communication and planning skills are vital to keeping everyone on the same page with personnel needs to department management.

    Mentor, train, and support the career development of Security Compliance consultants within the business line.

    Specific responsibilities include:

    Overall management of Security Compliance Consulting Team

    Develop and lead a global Security Compliance Strategy supporting the successful delivery of security outcomes across Security Risk & Consulting Delivery.

    Serve as the Business Owner of Security Compliance processes, tools and governance, including documentation of all processes (sales engagement and delivery), the training of Governance and Compliance team and assessment of new processes and tools when required.

    Create a repository for all delivery documentation and keep the repository updated

    Align Security Compliance team with 1898 CX Principals

    Review utilization and assignment of projects, ensuring proper utilization for team members

    Monitor and proactively address project risks

    Manage Governance and Compliance projects for industrial control systems (ICS), ensuring timely, on-budget completion and adherence to established methodologies and guidelines.

    Advise on the pursuit and proposal process for client engagements, contributing technical expertise to craft compelling proposals that showcase value of our Security Compliance Offerings.

    Lead the estimation and resource allocation process for Governance and Compliance engagements, providing insights into project requirements, complexities, and potential challenges, ensuring efficient project planning and execution.

    Achieve client-specific cybersecurity goals by identifying compliance variances in our critical infrastructure clients and recommending appropriate remediation measures.

    Develop comprehensive Governance and Compliance reports that clearly outline findings, risks, and recommendations for improving the security posture of industrial control systems.

    Advise clients on best practices for securing their industrial networks and control systems, including network segmentation, authentication, and encryption.

    Assign tasks and responsibilities to junior Governance and Compliance Consultants, providing guidance and mentorship to develop their skills and expertise in ICS security.

    Decide on the scope and objectives of Governance and Compliance work, based on client requirements and industry-specific regulations and standards.

    Oversee the continuous improvement of internal processes and procedures, promoting a culture of excellence and innovation within the Security Compliance Team.

    Approve and review Governance and Compliance methodologies and tools, ensuring their suitability for assessing the security posture of various ICS architectures and technologies.

    Think "outside the box" to develop specialized techniques to gather, evaluate and present compliance information to clients that goes beyond the typical "check box" exercises of compliance.

    Initiate client communication, establishing a collaborative relationship and maintaining transparency throughout the delivery process.

    Perform and manage performance of compliance maturity reviews based on existing frameworks, including, but not limited to: NERC CIP, TSA, CMMC, AWIA, ISO27001, NIST CSF, NIST , and formulate a program to close the gaps.

    Delegate responsibilities to team members, ensuring a balanced workload and optimal use of resources during engagements.

    Determine training needs for the team and participate in developing ICS cybersecurity training materials and programs, by level, by role and by specific consultant.

    Supervise the assessment of emerging cybersecurity governance and compliance standards specific to our critical infrastructure clients, incorporating this knowledge into methodologies, strategies, offerings and training of consultants testing.

    Monitor and ensure CSAT responses on Security Compliance Projects and ensure all engagements are at or above satisfactory for all projects

    Enforce strict adherence to legal and ethical guidelines during Security Compliance engagements, ensuring that all activities comply with applicable laws, regulations, and industry standards.

    Collaborate with other cybersecurity professionals, staying current on industry trends and advancements in ICS security, and contributing to the broader knowledge base of the organization.

    Conduct quarterly reviews and provide feedback to Security Compliance team members on progress

    Develop and maintain relationships with internal clients (Offering Leaders) to ensure escalation paths are clearly defined

    Develop, manage, and update all Security Compliance sales documentation – required for sales, internal training, internal reference, website content, etc.

    Other duties as assigned

    Qualifications

    Bachelor's degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field from an accredited program is required.

    Applicable years of experience may be substituted for the degree requirement.

    Minimum 13 years of professional experience required. 10 years of experience in cybersecurity, with at least 5 years specifically in Governance, Risk and Compliance is preferred.

    5 years Consulting Management experience is preferred

    Industry-recognized certifications to be considered, such as: CRISC; CISM (CISSP); Cobit; SABSA Foundation; ISO27001 (ISMS); IEC52443; ITIL / ISO20000; Compliance Officer (IT, ICS); BCM (ISO22301); Agile Foundation

    Proven leadership experience.

    Excellent analytical, problem-solving, and communication skills.

    Ability to work independently and collaboratively within a team environment.

    Strong attention to detail, facilitation, team building, and collaboration skills

    EEO/Minorities/Females/Disabled/Veterans

    1898 & Co. is a business, technology and security solutions consultancy where experience and foresight come together to unlock lasting advancements. We innovate today to fuel your future growth, catalyzing insights that drive smarter decisions, improve performance and maximize value. As part of Burns & McDonnell, we draw on more than 120 years of deep and broad experience in complex industries as we envision and enable the future for our clients.


