Senior Security Consultant - C2M2, ICS/SCADA/OT, GRC (Remote)

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

• Perform maturity and risk assessments of ICS/OT/SCADA environments using industry frameworks such as C2M2 (Cybersecurity Capability Maturity Model) and NIST 800-82.
• Perform maturity and risk assessments against NIST CSF, ISO 27001, and other best practice security frameworks.
• Conduct qualitative risk assessments using a methodology that aligns to NIST 800-30.
• Deliver successful consulting engagements across multiple Governance and Risk offerings while maintaining a high degree of customer satisfaction.
• Develop information security policies, standards, plans, procedures, and other documentation to support customer adopted frameworks and industry standards.
• Develop a multi-year roadmap for all assessments to aid clients in prioritizing remediation activities.
• Establish strong relationships and trust with customers to understand customer's business environments and requirements.

• Develop security program strategic plans for multinational organizations in manufacturing, critical infrastructure/energy, and other ICS/OT/SCADA environments.
• Lead and execute services that drive the maturation of a security program within large organizations.

• Work with other GuidePoint Security practices as part of a cohesive cross-functional team.

• Minimum 3 years ICS/OT/SCADA direct experience performing C2M2 (Cybersecurity Capability Maturity Model) assessments, remediation, and other GRC-related consulting services for clients of various verticals, including manufacturing, critical infrastructure/energy, etc.
• Strong understanding of ICS/OT/SCADA security, components, challenges, and assessing and managing risk in these environments.
• Experience in ICS/OT/SCADA & cyber security experience with architecture and design of OT networks, security solutions.
• Strong understanding of key cyber security controls that should be implemented within ICS/OT/SCADA
• Strong understanding of ICS/OT/SCADA networks, protocols, assets/devices, and engineering of those solutions.
• Minimum of 5 years of combined GRC experience across private/public sector consulting and/or relevant education.
• Working knowledge of security frameworks including, NIST CSF, ISO 27K, and others.
• Basic understanding of all the functions within a security program, the ability to assess the maturity of a security program, and how to provide strategic recommendations and direction to senior leadership.
• Strong written and oral communication skills, which includes articulating thoughts and distilling complex problems into digestible information to be consumed by anyone from technical resources to the highest level of management; proven experience communicating clearly to technical levels up through C-Level and Board level.
• Strong written communication skills to aid in the creation of customer deliverables.
• Remain current on industry developments and incorporate into service delivery
• Strong ability to work independently and multi-task on multiple projects simultaneously.
• Personal drive and passion for growing themselves and the GnR Practice.

• Experience developing information security policies, standards, plans, procedures, and other documentation to support customer adopted frameworks and industry standards.
• Experience in reviewing and developing Security Incident Response Plans and Runbooks.
• Strong understanding and working knowledge of various risk assessment methodologies, using qualitative risk analysis.
• Experience leading the maturation of a security program within large organizations.
• Experience with driving cybersecurity assessments for M&As within large organizations.
• Publish content and/or perform conference speaking to demonstrate thought leadership
• Standard industry certifications are preferred, such as CISSP, CISA, CISM, CRISC, CBCP, GIAC, etc.

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions)
• 100% employer-paid medical and dental premiums with generous employer family contributions
• 11 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment