CAN INTERVIEW ONSITE!!!
Scope of Work / Job Characteristics
The IT Risk Compliance Director shall provide on-demand cybersecurity staff augmentation services to support the Department in proactively identifying, analyzing, and mitigating cybersecurity risks across its enterprise environment. Services include, but are not limited to:
- Conduct comprehensive vulnerability assessments using industry-standard tools and methodologies
- Perform penetration testing using a structured approach, progressing from passive to active techniques
- Identify and analyze Indicators of Compromise (IOCs), unauthorized access attempts, and data exfiltration risks
- Detect and remediate misconfigurations and insecure network services
- Apply and interpret the Common Vulnerability Scoring System (CVSS) for risk prioritization
- Conduct threat hunting activities to detect active or persistent threats within enterprise environments
- Provide incident response support, including containment, eradication, and recovery recommendations
Required Qualifications
A bachelor’s or master’s degree from an accredited college or university in Computer Science, Information Systems, or a related field is required. Equivalent work experience (four [4] years) may be substituted on a year-for-year basis where applicable.
Required Experience, Skills, and Knowledge
- Demonstrated experience delivering cybersecurity services in large, complex enterprise environments, preferably within government or criminal justice agencies
- Proven track record in threat hunting, vulnerability assessments, penetration testing (internal and external), and incident response
- Experience supporting environments subject to Criminal Justice Information Services (CJIS) Security Policy requirements
- Ability to provide advisory services, including cybersecurity strategy, governance, risk, and compliance (GRC), and remediation planning
- Minimum of five (5) years of hands-on cybersecurity experience in one or more of the following areas:
- Threat hunting and threat intelligence
- Penetration testing and ethical hacking
- Vulnerability management
- Incident response and digital forensics
- Demonstrated experience in both offensive security roles (e.g., red team, penetration testing) and defensive security roles (e.g., Security Operations Center [SOC], blue team, incident response)
Note: The selected candidate must successfully complete a Level II Background Check.
Preferred Qualifications
- Experience conducting red team and adversarial simulation exercises
- Ability to support cybersecurity roadmap development and maturity assessments
- Relevant industry certifications such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Global Information Assurance Certification (GIAC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Experience collaborating with client Managed Service Providers (MSPs) and internal IT teams
