Job Description:
Job Summary
Collaborating with a variety of external strategic business and IT leaders, this senior-level consulting position must continually refine the organization's IT Security & Risk Strategy, ensuring critical data, assets and infrastructure are secure by working to keep cyber defenses, operations and the overall organization prepared for current and ongoing threats. The IT Security & Risk Strategy should align with the organization's strategy / priorities and be communicated accordingly to executives and other stakeholders across the local government entities in the State of Michigan. The Security consultant is expected to periodically communicate strategy, critical updates, and measurable progress against industry maturity level targets to the IT leadership team. He/She will be responsible for performing risk/security assessments, developing an implementation plan and operationalizing it based on the organizational needs.

IT Risk Management
IT Risk Management - As a partner with the internal services, infrastructure, application and operational technology teams, will define risk measurement standards and a repeatable ISO 27000 or equivalent framework for all components of IT risk, including but not limited to vendor, cloud, stability, supportability, regulatory, disaster preparedness, and security. The team will perform ongoing risk assessments and provide executive updates / escalation as necessary.

IT Regulatory & Compliance
* IT General Control (ITGC) Compliance & Audit Management - Define, measure and drive ITGC compliance against defined regulatory requirements, including but not limited to PCI and HIPAA. Partner with stakeholders to ensure compliance with PCI, HIPAA, and other applicable standards. Ensure all compliance activities are mapped to defined standards (e.g. ISO, NIST Executive Order, COBIT). Act as primary interface to Audit organizations, including review of all IT-related audit findings, follow-ups and management response commitments.
* Security Training & Awareness - Continue to drive and expand organizational security training and awareness through repeatable and creative initiatives across an organization.
* Data Privacy - Responsible for the direction and oversight of matters governing appropriate access, security, privacy, and confidentiality of employee and other sensitive personal and organization information. Ensures organizational compliance with applicable statutory and regulatory requirements pertaining to the subjects of information security and privacy for the organization. Interfaces with Legal, HR and other appropriate departments.
* Project Design & Delivery - Manage multi-vendor teams in the design, development, deployment and support of many critical security-related projects as part of achieving overall improved maturity of IT security capabilities.

IT Security Operations
IT Security Operations - Responsible for defining, developing, and managing the organization's IT Security Operations function. This includes:

1) management of an internal security organization,

2) alignment with county operational technology asset monitoring requirements,

3) interfacing with 3rd party Managed Security Services Providers for external network monitoring and cyber intelligence,

4) measurement of incident handling performance, and

5) working closely with external entities (industry, government) regarding current threats, indicators of compromise, or other intelligence.

As a partner with the internal services, infrastructure, application and operational technology teams, will set the direction of and deliver the overall IT Security Architecture for the county being supported by this role.

Other Key Roles & Responsibilities:
* Conduct internal briefings with other senior leaders across the organization on a regular basis for broad based awareness of key updates such as cyber security operational performance, incidents or breaches, new strategic areas of focus and critical project updates.
* Define overall IT Security Strategy & Vision. Ensure IT Security Strategy clearly communicates future design and aligns to cyber security and risk objectives across each part of the organization.
* Present to audiences and forums internal and external to the organization on topics related to IT security, risk and compliance.

Education, Experience, & Skill Requirements
* Must possess and exhibit a high level of integrity and passion for the disciplines of IT Security & Risk.
* Ten plus years overall of multi-disciplined IT background.
* Prefer minimum of 5 years of experience in medium to large sized organizations.
* Ability and experience working across multiple organizations and IT organizations to develop an integrated organizational IT Security & Risk Strategy.
* Experience designing organizational IT Security Architecture, infrastructure and applications.
* Strong knowledge and experience in managing complex project plans with interdependencies between many different projects and initiatives.
* Experience working with external cyber intelligence organizations, such as MS-ISAC (NERC), ICS-CERT (DHS), FBI.
* Familiarity with standard risk frameworks, including ISO 27000, SANS, NIST 800-53, and standard compliance frameworks.
* Prefer degrees in Computer Science, Business, Engineering or Information Systems.
* Current certifications such as CISSP, CISA, and/or others as relevant will be preferred.
* Professional IT process / methodology certifications a plus (e.g., ITIL, CobIT, LEAN, Six Sigma) with experience implementing rigorous and efficient process / methodology across an organization. Prefer experience as a business or IT consultant.

Skills:
* Multi-disciplined IT background - Required - 10 Years
* Degree(s) in Computer Science, Business, Engineering or Information Systems - Highly desired - 1 Year
* Current certifications such as CISSP, CISA, and/or others as relevant will be preferred - Nice to have - 1 Year
* Professional IT process / methodology certifications (e.g., ITIL, CobIT, LEAN, Six Sigma) with experience implementing processes and methodologies - Nice to have - 3 Years
* Experience as a business or IT consultant - Highly desired - 4 Years
* Strong knowledge and experience in managing complex project plans with interdependencies - Required - 5 Years