CISO Consultant (Virtual CISO Consultant)

We are hiring Virtual CISO for our client in Florida, its a hybrid role and candidated has to be in florida local or willing to relocate.

• 10 years of experience providing virtual CISO services to organizations with at least 350 or more network users spread across 5 or more physical sites.
• 10 years of experience immediately preceding the date of proposals in a lead or senior role providing information security services to governmental entities; and
• 10 years’ experience with organizations of 350 or more network users spread across 5 or more physical sites; and
• Required Certifications of Respondent s proposed vCISO that is responsible for performing the service:
  
  

Cetrification Required

• Certified Information Security Systems Professional (CISSP)
• Certified Information Systems Auditor or Manager (CISA or CISM)
  
  

Skills

• Provide documentation of at least Ten (10) years of the vCISO candidate s experience immediately preceding date of proposals in a lead or senior role providing information security services to governmental entities providing at least three (3) similar projects.
• Provide documentation of at least Ten (10) years experience with organizations of 350 or more network users spread across 5 or more physical sites
• Describe vCISO candidate s experience developing incident response plans
• Describe vCISO candidate s experience developing vendor risk management programs
• Describe vCISO candidate s experience designing data protection strategies
• Describe vCISO candidate s experience with actual incident response support
  
  

Required Technical Skils

I. Endpoint Detection and Response.

II. Vulnerability Management.

III. Patch Management.

IV. Security Incident and Event Management.

V. Microsoft M365.

i. Information Protection and Governance.

ii. Azure AD.

iii. Entra ID.

iv. Intune.

Operating Systems

I. Microsoft Windows.

II. Microsoft Server.

III. VMWare.

IV. Linux

Program Development

Establish and document a cybersecurity program during the first 6 months of the contract.

I. The Program Shall Address

• NIST Cybersecurity Framework.
• NIST controls catalog.
• NIST methodology for systems and data categorization.
  
  

ii. Evaluate current practices and guiding documents.

iii. Develop a vision, mission, and strategy document that is endorsed by the executive leadership.

iv. Develop a charter document that is endorsed by the executive leadership.

v. Provide recommendations for program staffing.

• Consolidate current incident response plan (IRP) components into a stand-alone IRP.
• Develop and document a vulnerability and patch management program.
• Develop a Risk matrix for the District s information technology.
• Develop a Vendor Risk Management program.
• Develop a Cybersecurity Questionnaire for critical suppliers.
• Review current cybersecurity awareness training and recommend a training program for employees, including where in the organization the training program should reside.
  
  

Ongoing Support

The VCISO Shall

• Attend and contribute to periodic District Security Committee meetings. It is anticipated that these will occur monthly.
• Conduct monthly cybersecurity check in meetings.
• Provide threat intelligence in a digital report monthly.
• Conduct an annual cybersecurity assessment and provide at a minimum:
  
  

i. A detailed report identifying opportunities for improvement and

ii. An executive summary and presentation to District executive leadership.

• Participate in daily meetings during the week of the District s annual disaster recovery exercise.
• Incident Response
• The vCISO shall provide 24/7/365 availability for incident response.