Cybersecurity Risk Compliance Consultant

POSITION OVERVIEWThe Cyber Security Risk and Compliance Consultant is responsible for conducting Cybersecurity gap assessments and ongoing consulting with our clients daily in Huntsville, Alabama. The Cybersecurity Risk and Compliance Consultant should be familiar with multiple security frameworks such as National Institute of Standards (NIST 800-171), Risk Management Framework (RMF), Cybersecurity Framework (CSF), CIS Critical Security Controls (CIS Controls), Defense Federal Acquisition Regulation Supplement (DFARS), and Cybersecurity Maturity Model Certification (CMMC). In this position, you will conduct gap assessments through interviews and asking questions to determine the state of an environment while capturing evidence and artifacts to support the assessment results and effectively measure our client's security posture and compliance.Primary DutiesConduct Cybersecurity gap assessments and provide resulting reportsConduct Cybersecurity consulting engagements to assist with and partner on clients' POA&M remediation effortsManage and execute project-level tasks and milestonesEducate clients on information security and applicable control requirementsBaseline existing risks, exposure, framework, and compliance levelsAdvise on risk mitigation and remediation plansRequired QualificationsSOC (Security Operations Center) knowledge and understanding of services within2 or more (2+) years of experience in the information security fieldExperience leading information security engagements with a preference for DFARS, NIST, and CMMC assessments, as well as reportingExperience authoring cybersecurity policies, and procedures (to include Incident response, business continuity, disaster recovery, and more)One (1) or more of the following: Certified CMMC Professional (CCP), Certified CMMC Assessor (CCA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Security+, or equivalent certificationGood time management, project management and problem-solving skillsA desire to take on roles of increasing responsibility including defining services, managing teams, and coordinating resourcesIntegrity: Ethical and respectful to clients and teamGrit: Ability to self-motivate, self-manage, and meet deadlines when faced with competing prioritiesCustomer-centric: Understand that partnership with our clients is a "win-win" scenarioSelfless: Understand that when one team member succeeds, we all succeedAbility to review security architecture and advise on security requirementsSupervisor ResponsibilitiesN/AKnowledge, Skills, and Abilities10 Characteristics of Every Professional at MAD SecurityCustomer Service and Satisfaction First. Understanding and satisfying our customers is the cornerstone to our success. We must do what is necessary to meet those needs.Expertise is our Specialty. The very word professional implies expertise, and technical competence is essential to our service-oriented structure. We must become an expert in the skills and tools we use in our operations, we must perform to the best of our abilities, and we must keep our knowledge up to date.Do and Deliver More Than Expected. Professionals are expected to produce results. We strive to complete deliverables before they are due, of higher quality than anticipated, and under budget. Professionals exceed expectations whenever possible.Deliver on What We Say and What We Can Do. Professionals deliver on promises made. We engage our brain before speaking; Before we say we can do something, we make sure we can do it.Communicate Effectively. Whether verbal or written, professionals communicate clearly, concisely, thoroughly, and accurately. Effective communication is ultimately our responsibility as a professional.Follow Exceptional Guiding Principles. Professionals adhere to high ethical values and principles. We appreciate and support our co-workers, practice good manners and proper etiquette, are honest and fair in all our dealings, and have a high ethical and moral standard.Praise Our Co-workers. Professionals are humble and generous in their praise for others. We respect and acknowledge the talents and capabilities of our co-workers.Share Knowledge. Professionals help their peers and co-workers and are respected for doing so. Information isn't a limited resource; our minds won't be emptied by giving away kernels of wisdom or experience. We think of knowledge as an ocean of facts and not a stream of data. It is possible to share what we know and stay one step ahead of the competition — professionals simply apply themselves to learn something new daily.Express Gratitude. Professionals thank others in a meaningful way that most benefits the recipient.Maintain the Right Attitude. Professionals are pleasant even during trying times.Location and Work EnvironmentOnsite in Huntsville, Alabama. While performing the duties of this Job Description, the employee regularly works in an office setting.Physical DemandsThe physical demands described herein are representative of those which much be met by an employee to perform the Primary Duties of this Job Description successfully.TravelOccasional travel may be required.Other DutiesPlease note this Job Description is intended to describe the general nature and level of work to be performed by the employee(s) assigned to this Job Title. It is not designed to contain nor be interpreted as a comprehensive and/or all-inclusive list of duties, responsibilities, and qualifications. MAD Security, LLC reserves the right to amend and/or change responsibilities to meet business and organizational needs, as necessary, with or without notice.About MAD Security, LLCMAD Security, LLC, founded in 2010, is a veteran-owned cybersecurity provider dedicated to safeguarding business and simplifying the cybersecurity challenge by delivering compliance through cost-effective, results-driven solutions. Headquartered in Huntsville, Alabama, and recognized as a Top 250 MSSP by MSSP Alert, MAD Security delivers world-class, industry-leading managed services and technology solutions regularly to defense industry-based providers including aviation and aerospace, government contractors, financial institutions, technology services providers, higher education institutions, and manufacturing to manage risk, meet compliance requirements, and reduce costs.