We are looking for a Cyber Security Manager to join either our Boston, MA, or Washington, DC office. The Cyber Security Manager is responsible for the maintenance and development of a comprehensive information technology cyber security program and cyber security mitigation efforts for The Brattle Group. The role exists to assure that information and systems created, acquired or maintained by The Brattle Group, and its authorized users, are used in accordance with their intended purpose; to protect The Brattle Group’s information and its infrastructure from external or internal threats; and to assure that The Brattle Group complies with statutory and regulatory requirements regarding information access, security and privacy.
Some of the day-to-day responsibilities of this role include:
- Assure that the firm’s systems and its infrastructure are protected from external and internal threats
- Assure compliance with statutory and regulatory requirements regarding information access, security, and privacy
- Develop and deliver a comprehensive information technology cyber security program and cyber security mitigation efforts
- Work with external security vendor and IT personnel performing cyber security related tasks for network software systems
- Provide security information and guidance to assist with the startup and deployment of servers, switches, firewalls, etc. within the firm’s infrastructure
- Coordinate system security related tasks and activities with IT staff and external vendor personnel
- Provide end user training to all employees regarding security protocols and policies
- Ensure the security of applications software utilized by The Brattle Group
- Serve as the compliance specialist with respect to state, federal and global information security policies, and internal audit. Prepare and submit required reports and updates to designated external parties. Act as the contact point for external auditors and agencies, survey requests, etc. on security matters.
- Coordinate and conduct third party and internal penetration testing and vulnerability assessments
- Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties. Ensure compliance with state, federal, and global regulations.
- Provide ongoing risk assessment program targeting information security and recommend methods for vulnerability detection and remediation, and oversee vulnerability testing
- Create and improve policies and procedures to ensure the security of sensitive data or systems that are accessible to, or held by, third party service providers.
- Coordinate the development and delivery of an education and training program on information security matters for employees and other authorized users
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to The Brattle Group in accordance with but not limited to NIST policies.
- Take part in Disaster Recovery Planning and Testing and Business Continuity.
- Bachelor’s Degree in Computer Science or relevant field required; advanced degree preferred. Security certifications such as CISSP, Security+ desired
- Five (5) plus years of experience working in Information Security, professional services experience desired
- Experience in developing and administering an information security program
- Technical expertise with Systems and Networking administration, Windows, firewalls, MS Server, SQL for on premises and Microsoft Azure cloud environments
- Knowledge of telecommunications, network and Internet security access control systems and methodology
- Demonstrated ability to grasp security concepts and demonstrated knowledge of security management practices, security architecture, security operations, and security modeling
- Knowledge of Risk Management techniques to defeat advanced attackers
- Ability to build rapport and maintain professional client relationships
- Sensitivity to accuracy, timeliness, and professionalism is imperative
- Ability to communicate clearly and present security findings with technical staff as well as non-technical colleagues
- Strong analytical and problem solving skills
- Requires flexibility to work long hours, occasional nights/weekends, including travel
We offer a generous compensation and benefits package, including medical, dental, 401K/profit sharing, life and disability insurance, paid time off, and internal professional development and training programs, designed to reward success at all levels. Details regarding compensation will be based on the candidate’s knowledge, skills, and experience.
In order to be considered for this position, you must apply through the link below by submitting a cover letter and resume.
The Brattle Group is an equal opportunity employer: Please read our full EEO statement here.