Assessments & Exercises Vice President -- Delivery & Strategy

Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.

As an Assessments & Exercises Vice President in the Cybersecurity and Tech Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline root-causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

• You will use your leadership skills to give guidance, advise on best practices, and support our business and technology groups
• You will deploy new processes and policies to strengthen our strategic roadmap. The role involves a high level of stakeholder management and will suit an individual with excellent client facing skills who has an understanding of how to develop brand awareness and build a network of business contacts to develop stability, capacity, and resiliency of our offerings
• Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
• Support the successful execution of risk-driven testing and simulations - such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations - and the development of comprehensive assessments reports including actionable recommendations, report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
• Influence and partner with cross-functional teams to make data-driven decisions that lead to continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations and lead engagement with internal and external stakeholders - including industry peers and government agencies - to share insights and contribute to the development of cybersecurity and resiliency policies

• 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
• Proven ability with at least 2+ years of experience managing teams of technical staff, or ability to create long term strategic plans, and experience conducting process improvement based on operational lessons learned and threat intelligence inputs
• Experience and knowledge of operations, risk and controls management processes & principles, audit requirements related to cybersecurity, and threat and vulnerability management best practices
• Ability to execute flawlessly and handle multiple projects simultaneously and independently while maintaining a high degree of communication between multiple stakeholders
• Use in house systems to respond to line of business requests and review information and make informed technical and operational decisions.
• Should have a strong understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, system and software vulnerabilities and exploitation techniques, and web application vulnerabilities and exploitation techniques
• Technical knowledge or experience developing in house scripting, using interpreted languages such as Ruby, Python, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS/IPS, EDR, Web Proxies, DLP and the ability to articulate and visually present complex Penetration Testing and Red Team results
• Strong understanding of the current threat landscape and resiliency concerns, national and international laws, regulations, policies, and ethics related to cybersecurity or resiliency
• Demonstrated expertise in security assessment methodologies, threat intelligence utilization, control evaluation techniques, or resiliency testing
• Experience developing and supporting briefings to senior leaders and large audiences, in addition to meeting facilitation, conflict resolution, and providing program updates to senior leaders, regulators, and industry groups

• BS/MS degree or equivalent
• Intelligence Community background or understanding of the financial sector or other large security and IT infrastructures
• Possess relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), SANS (GPEN, GXPN, GWAPT), CREST/Tiger Scheme Certified Tester, and detailed knowledge of current international best practices in privacy and information security