Reports To: VP, Cybersecurity Department: Cybersecurity Location: Remote Exemption Status: ExemptPURPOSE: The role of the Risk and Compliance Consultant provides the expertise required to properly scope and deliver cybersecurity solutions and services to our clients. They work closely with our clients to deliver risk management services that align industry best practices and regulatory requirements. The Risk and Compliance Consultant will identify risks and compliance gaps and collaborate with clients to prioritize and execute cybersecurity initiatives.
RESPONSIBILITIES:
Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes
Performs cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies to include CMMC,
DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, PCIDSS, and MITRE ATT&CK
Continually manages risk management plans, milestones, and quarterly objectives to track progress and anticipate/notify of potential issues
Collaborates with IT resources and key stakeholders from other business units to assess impacts to business processes, consider compensating controls, and effectively communicate risk remediation initiatives
Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, and senior management
Leads cybersecurity engineering resources to deliver vulnerability management, endpoint protection, privilege and identity management, network security, etc.
Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders
Conducts vendor risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies
Works closely with Ascend’s cybersecurity team to report issues, develop process improvement strategies, and ensure service success
Writes and updates cybersecurity policies and procedures aligned with client requirements
Leads cybersecurity training, tabletop exercises, and marketing events
Other Responsibilities as assigned by management
MINIMUM SKILLS, EDUCATION AND EXPERIENCE
5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.)
5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices
One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent
Proven success managing business risk, conducting vendor risk assessments, and executing cybersecurity controls
Working knowledge of Microsoft 365, Azure Active Directory/Active Directory, Security Awareness strategies, and Vulnerability Management practices
Excellent analytic, problem-solving, active-listening and decision-making skills
Excellent presentation, writing, interpersonal and communication skills
Comfortable engaging at executive levels to influence and provide strategic insight
Experience and/or strong desire to work in a fast-paced environment with evolving conditions
PREFERRED SKILLS, EDUCATION OR EXPERIENCE
5+ Years experience in Incident Response and Digital Forensics
Industry Specialized Certifications for PCI DSS, HITRUST, etc.
Working knowledge of PowerShell, Threat Hunting Techniques, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms
Bachelor’s degree in computer science, management information systems, information Technology, engineering, mathematics, or a related field
At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.
CORE VALUES We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:
Committed to Client Success: Our actions and our words always align with the best interest of the client.
One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
Integrity: We are unquestionably committed to doing the right thing even when it is hard.
Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.