Cyber Risk and Compliance Consultant

• Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes 

• Performs cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies to include CMMC, 

• DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, PCIDSS, and MITRE ATT&CK 

• Continually manages risk management plans, milestones, and quarterly objectives to track progress and anticipate/notify of potential issues 

• Collaborates with IT resources and key stakeholders from other business units to assess impacts to business processes, consider compensating controls, and effectively communicate risk remediation initiatives 

• Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, and senior management 

• Leads cybersecurity engineering resources to deliver vulnerability management, endpoint protection, privilege and identity management, network security, etc. 

• Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders 

• Conducts vendor risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies 

• Works closely with Ascend’s cybersecurity team to report issues, develop process improvement strategies, and ensure service success 

• Writes and updates cybersecurity policies and procedures aligned with client requirements 

• Leads cybersecurity training, tabletop exercises, and marketing events 

• Other Responsibilities as assigned by management 

• 5 Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.) 

• 5 Years of strong working knowledge of system, application, network, cloud, and data security best practices 

• One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent 

• Proven success managing business risk, conducting vendor risk assessments, and executing cybersecurity controls 

• Working knowledge of Microsoft 365, Azure Active Directory/Active Directory, Security Awareness strategies, and Vulnerability Management practices 

• Excellent analytic, problem-solving, active-listening and decision-making skills 

• Excellent presentation, writing, interpersonal and communication skills 

• Comfortable engaging at executive levels to influence and provide strategic insight 

• Experience and/or strong desire to work in a fast-paced environment with evolving conditions 

• 5 Years experience in Incident Response and Digital Forensics 

• Industry Specialized Certifications for PCI DSS, HITRUST, etc. 

• Working knowledge of PowerShell, Threat Hunting Techniques, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms 

• Bachelor’s degree in computer science, management information systems, information Technology, engineering, mathematics, or a related field 

• Committed to Client Success: Our actions and our words always align with the best interest of the client.
• One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
• Integrity: We are unquestionably committed to doing the right thing even when it is hard.
• Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
• Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.

Salary : $135,000 - $145,000