About CFGI:
CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles from technical accounting advisor, M&A support, tax services, etc. delivering seamless support services.
Technical and Domain Experience:
·Build cybersecurity process risk and control frameworks for clients that are rationalized against applicable laws and standards.
·Conduct risk assessment and cybersecurity maturity assessments for clients.
·Guide clients in establishing cybersecurity policies, standards, and procedures.
·Manage cybersecurity training & awareness services for clients from design to implementation.
·Advise clients on cybersecurity functions’ metrics and reporting for various levels of client audiences, including Audit Committees and Board of Directors.
·Provide governance services for clients to oversee their cybersecurity functions and practices, including governance over: policies and procedures, risk management, vulnerability management, incident management, etc.
·Build risk management practices for clients, including policies, procedures, Risk Register, etc.
·Previous experience as a systems administrator, systems engineer, or security analyst.
·Understanding of operating system hardening principles, network design principles, and systems security.
·Understanding of various cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations).
·Understanding of security analysis, security events, and penetration testing.
·Minimum of 8-10 years experience.
Process and Project Management Experience:
·Ability to prioritize and multi-task, with flexibility and adaptability in work approach.
·Ability to manage project plans for client various data privacy engagements, including creating tasks, timelines, and budgets.
·Ability to report to leadership and clients on status updates periodically, including progress and challenges.
Soft Skills:
·Strong interpersonal and communication skills; experience with cross-cultural communications.
·Calmness and clarity of thought under pressure and ability to maintain confidentiality.
·Train other staff and external clients, as necessary.
·Agile and flexible, capable of dealing with ambiguity, and confronting challenges and opportunities with speed, endurance, and decisiveness.
·Manage a team of consultants and managers on various projects.
Technical Qualifications and Certifications:
·Bachelor’s degree in business, computer science, information systems, engineering, or a related discipline.
·Strong knowledge in national and global industry practices and regulations in cybersecurity and data privacy, including NIST CSF, CIS, PCI DSS, HIPAA, ISO27001, CMMC, FedRAMP, SOX, GDPR, CCPA, etc.
·Industry certifications are preferred, but not required: CISSP, CISM, etc.