DHG ranks among the top 20 public accounting firms in the nation. With more than 2,000 professionals in 30+ offices located in 13 states, we combine extensive tax, assurance and advisory experience with a focus on relationships and personal service to help our clients achieve their goals. People, careers and flexibility are at the heart of DHG’s culture, making it a great place to build a valuable career.
The Cybersecurity Manager supervises multiple client engagement teams performing assessments, audits, and advisory consulting associated with cybersecurity governance, risk, and compliance. The DHG Cybersecurity Team’s engagements vary considerably in size and complexity and require a combination of understanding of various technologies, cybersecurity compliance frameworks, and extensive client interaction. All of our IT Advisory services are designed for the dual purpose of strengthening internal controls and meeting compliance requirements.
IT advisory services focus on helping clients protect the security and integrity of their information by assessing the people, processes, and technology in place. Types of engagements for this role are likely to include PCI compliance assessments, cybersecurity risk and technical assessments, cyber policy procedure reviews, and Service and Organization Controls (SOC) 1, 2, 3, and SOC for Cyber reporting.
- Execute assessments within the domains of: Security Policy, Security Governance, Access and Authentication Management, Threat and Vulnerability Management, Security Infrastructure and Architecture, Application Security Architecture, and Incident Response Management.
- Oversee the performance of cybersecurity staff, leading assessment testing procedures, and reviewing team members’ work product.
- Analyze documentation, process information, technical configurations, or other client provided information and document the results of conversations and analysis.
- Stay abreast of current and emerging security risks across multiple industries, including healthcare, financial, retail, insurance, and public sector.
- Research new technologies, understand existing processes, and reference recognized standards and frameworks.
- Clearly articulate the status and results of work performed, both orally and in written form, to internal management and DHG clients.
- Interface with our project clients to identify and understand potential risk areas.
- Contribute to the definition of final project scope, approach, and deliverables.
- Develop other staff in assessment methodology and the understanding of IT process and controls, and direct some staff activities.
- Operate effectively and with minimal supervision, within a team or independently, performing special projects and related duties, as assigned.
- Pursue continuous professional development through internal/external training, certifications and/or continuing education.
- Identify opportunities for continuous improvement and enhancement to work programs and processes.
- Minimum of 5 years of experience in the cybersecurity industry required, with 2-3 years of experience in cybersecurity governance, risk, and/or compliance audit and assessment preferred.
- Bachelor’s Degree in Cybersecurity, Computer Science, MIS, Information Security, or a related discipline required.
- Strong IT Security knowledge required. Specifically, knowledge in one or more of the following areas: application security, network security, IT infrastructure, Windows and/or Linux system administration, database security.
- Working experience and/or knowledge of web and mobile technology preferred.
- Experience with common security risk frameworks, including NIST 800-53 controls, the NIST Cybersecurity Framework, HIPAA, PCI, and CIS Critical Security Controls required.
- Strong conceptual thinking aptitude required.
- Strong interpersonal skills, including: written and verbal communications, willingness to assist in areas outside of direct assignments when necessary, and commitment to self-improvement and completion of team objectives required.
- Professional certification (e.g., CISSP, CISM, CISA, SANS, etc.) is a plus. Willingness to work toward achieving professional cyber credentials is required.
- Previous experience as a PCI Qualified Security Assessor and/or HITRUST Certified Assessor is a plus, but not required.
- Previous consulting, internal audit, or compliance experience is a plus.
- Ability to travel up to 60% annually, primarily in the southeastern United States, preferred. Typical travel in this role is 50 to 75% annually.