Deputy CISO

S

Sentinel Blue

Deputy CISO

Remote,
Full Time
Paid
  • Responsibilities

    Sentinel Blue is looking for a Deputy CISO to join our Information Security team. This role is for an experienced technical security practitioner and leader who is looking to take the next step in their career. Our ideal person for this role is passionate and enthusiastic, an excellent communicator, and a subject matter expert in practical information security; we need someone who can communicate the complex concepts in security to non-technical personnel. Broad experience across many domains of IT and security is desirable. This role will primarily be involved in client-facing activity, serving as an advisor, overseeing technical work, managing organization compliance programs and contributing to training, among other topics. This is a role that the right person will be able to do as much as they want with; there is no ceiling. This role will report to the CISO and have opportunity to take on technical projects internal to the organization along with client activity. This is a client facing role and requires a high level of comfort in social settings.

    This is a full-time position that is fully remote. Schedule and hours are flexible. Due to the nature of our work, you must be a U.S. citizen with eligibility for a clearance. No exceptions.

    A day in the Deputy CISO role:

    The Deputy CISO starts the day with a standup call with the team to cover anything noteworthy for the day. They may next have a check-in call with the SOC team to review any active incidents or threat hunts, or be asked to join the Engineering team for a discussion on an ongoing technical project. The Deputy CISO may next have a client meeting to discuss progress on compliance and will prepare reporting on status of open compliance items. From there, the Deputy CISO may meet with the internal Technology team to review internal tooling and security improvements, such as attack surface reduction. The Deputy CISO will review and audit configurations and reports from the SecOps and TechOps teams and provide oversight and guidance. Next, they may even contribute some code to an internal project, or implement a new security configuration. Additionally, they may need to review and update internal and client documents, such as security plan and policy documents. The Deputy CISO may also be asked to collaborate with our Marketing team to produce meaningful content or arrange to speak at conferences. Throughout the week, the Deputy CISO will be invited to join conversations with junior employees and will be expected to provide education and guidance on security topics.

    Responsibilities:

    • Track and manage client compliance program objectives, to include implementation of security controls, oversight of projects, production of documentation, and updates to compliance tracking tooling.
    • Provide subject matter expertise and guidance to clients, partners and internal teams on information security topics.
    • Produce and present reporting on security programs, incidents, projects and other topics of interest to internal and client leadership.
    • Consult with Security Operations team and Security Operations Center on incidents and projects.
    • Author and update program and policy documents, internal and with clients.
    • Train and educate Operations staff on information security topics in formal and informal training settings.
    • Develop and maintain deep technical expertise in the technology stack used by Sentinel Blue to deliver services.
    • Attend conferences and training to continually improve personally and bring knowledge back to the organization and team.
    • Constantly seek ways to innovate and improve on security outcomes.
    • Contribute to internal knowledge bases, client education articles, and public release articles and research papers.

    What We Can Offer:

    Sentinel Blue is a young company with a focused mission: We're bringing enterprise-class cybersecurity to small and medium sized businesses. Frankly, we're pushing the envelope of how things are done and constantly seeking innovative ways to meet that mission. The pace is fast, and we're always learning new things. This is a great place if you want to expose yourself to new and emerging technologies, want to be challenged, and want to feel the impact of your efforts. The right person will find themselves in a fun, dynamic environment, working on interesting problems and making a real difference. The team is energetic, motivated and high performing; we only hire those we believe will continue to elevate our game.

    Requirements:

    • U.S. citizenship - by nature of our work with the defense industry, all employees must be eligible for a Secret clearance.
    • Security+ (or higher) certification at hire or within 90 days of hire.
    • Advanced knowledge and experience with implementing security capabilities in a technology environment; practical skills are a must. ****
    • Advanced knowledge and experience with implementing industry security frameworks, such as the NIST Cybersecurity Framework, CIS Controls, ISO 27001, NIST 800-171 and CMMC.
    • Self-motivated and energetic collaborator who constantly seeks ways to improve the organization and thrives in a high paced environment. ****
    • Broad information technology knowledge, with ability to explain basic computing and networking concepts to laymen.
    • Excellent communication skills. Must be able to communicate information security objectives to non-technical personnel successfully.

    Desired Qualifications:

    • Experience in a multi-client environment - experience in managed services is highly desired.

    • **Experience with NIST 800-171, DFARS 7012 and CMMC is highly desired.
      **

    • **CISSP, CISM, or other prominent security certification demonstrating your expertise in the field.
      **

    • Advanced understanding of security fundamentals (least privilege, RBAC, audit logging, endpoint security, change management)

    • Experience with Microsoft 365 and Azure, particularly with M365 GCC High and Azure Government is highly desired.

    • Knowledge and passion for cloud-first architecture, including experience building and deploying systems in Azure

    • Public speaking and social media content production - this is not required, but for someone interested in developing thought leadership, there is opportunity.

    Benefits:

    • Fully paid individual healthcare, vision and dental insurance for the employee.
    • Paid certification and training opportunities.
    • Three weeks of paid vacation + 10 paid holidays.
    • A supportive environment with a focus on keeping healthy work-life balance.
    • Retirement benefit (401k) with company match.
    • Remote work stipend.