The Cyber Defense Process and Methods Lead is responsible for the overall processes that support the organizations cyber defense processes, assessing/auditing cyber capabilities in the realm of cyber security readiness, as well as industry alignment. The Lead will continue to build upon existing standards, and frameworks, in addition to NIST, ISO, to enhance and expand on the cyber exercise guides for the Cyber Defense organization that will be use to design, plan, and execute various types of threat/response exercises within the EY networks to evaluate our capabilities.
Assistant Director Responsibilities:
1. Management of Document Control project implementation
· Creating document control system
· Documenting, training, and disseminating the system and process to all Cyber Defense personnel
· Manage the ongoing use and upkeep of the system, including document version control, document cleanup, and the document review notifications, cycle, and compliance.
2. Management of Consolidated Cyber Defense SharePoint implementation
· Requirements gathering
· Cost analysis
· Oversee Development, testing, migration, and implementation.
3. Counselor of two FTE resources (including interviewing and hiring)
4. Assist with Management of ongoing services and improvement efforts
· Process documentation
· Post Mortems
· Exercise program
· Archer improvements - Support and Operational Quality Control for Security Incident Management
· Automation and process improvements to Archer System including Reporting
· Coverage for Auditing response.
Knowledge, Skills and experience requirements
· Strong Table Top exercise experience
· Risk assessment experience
· Strong technical writing skills (process, operations guides, run books, exercises, post mortem)
· Strong exercise control lead and facilitator and overall senior coordinator experience
· Strong system background, understand infrastructure
· Strong knowledge of information security technologies
· Strong research skills, and have written, and published exercise, or process documents for Information Technology. A plus if Security related.
· Excellent team skills and integrity in a professional environment
· Excellent social, and communication skills. Demonstrated integrity in a professional environment
· Knowledgeable in legal issues within information security environments (i.e., data privacy)
· Knowledge of IT Service Management ITIL
· 8+ years’ experience in two or more of the following:
· Experience with Information Technology / Cyber Security exercises
· Experience with technical writing processes, procedures etc.
· Deep understanding of NIST, ISO, and ITIL standards/frameworks.
· Deep understanding of project and program management.