Cybersecurity Consultant, Crisis Operations

at  Ensign InfoSecurity

Ensign is hiring !
We are seeking a highly skilled and experienced Cybersecurity Consultant to join our team. Aside from delivering cybersecurity strategy projects, you will play a pivotal role in supporting the Senior Cybersecurity Consultant (Crisis Operations) in providing strategic guidance, expert advice, and hands-on support to senior executives before, during and after cyber-related incidents/crisis, drawing from your extensive experience as an incident commander or crisis secretariat.

Responsibilities:

• Perform research and analysis on regulations and policies to determine alignment and assist with the development, implementation and tracking of the progress of clients’ objectives with supporting goal targets.
• Develop appropriate methodologies, frameworks and approaches to address project objectives, drive the clients towards positive business results, reinforce the clients’ strategic objectives, achieve improvements in effectiveness, gain efficiencies and increase digital maturity.
• Collaborate with the senior consultant for crisis operations to develop and implement strategies for proactive crisis management and incident response.
• Curate, digest and utilise the latest threat intelligence and trends and incorporate this information into the deliverables.
• Be part of the team led by the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) to conduct simulation exercises, post-incident reviews, and other related training, to improve our customers maturity to detect, respond and recover from cyber-related incidents and/or crisis. This includes the crafting of reports and presentation material to deliver findings to our customers.
• Stay abreast of emerging cyber threats, attack techniques, and incident response best practices, and share insights and recommendations with clients to enhance their cybersecurity posture.
• Prepare comprehensive incident reports and presentations for senior management, regulatory authorities, and other stakeholders, detailing incident timelines, impact assessment, remediation actions, and lessons learned.
• Seek improvement areas in customer’s crisis response plans and playbooks and offer tailored recommendations aligned to the risk profiles of our clients, ensuring readiness and resilience in the face of cyber threats.
• Collaborate with our customer’s cross-functional teams, including cybersecurity analysts, forensic experts, legal counsel, and executive leadership, to coordinate the collection of information to aid the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) in carrying out his duties.
• Communicate effectively with internal and external stakeholders, including board members, executives, regulatory authorities, law enforcement agencies, legal counsel, communications professionals, and external vendors to facilitate collaboration and transparency throughout the crisis.
• Assist the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) in the preparation of material to contribute to the conduct of post-incident reviews and lessons learned sessions with clients’ leadership teams to identify areas for improvement and enhance preparedness for future cyber-related crises.

Qualifications:

• Minimally a Bachelor’s degree in Computer Science, Information Technology, or a related field.
• At least 3 years of experience in cybersecurity incident response, with a proven track record of serving as an incident commander or crisis secretariate in cyber crises.
• Direct experience participating in three or more cybersecurity crises, demonstrating the ability to remain calm under pressure, make sound decisions, and communicate effectively with senior leaders.
• Industry certifications such as CISSP, CISA, CISM, GICSP, Cloud-related certifications or equivalent are highly desired.

Preferred Skills /Qualities:

• Familiar with crisis management, business continuity, system recovery approaches and frameworks.
• Familiar with international Cybersecurity standards, including NIST Cybersecurity Framework, NIST SP 800-53, or ISO 27001/2 and other relevant frameworks and standards.
• Familiar or keen in research, technical and business documentation, and analysis.
• Familiar with Singapore Government regulations and policies in relation to Risk Management and Cybersecurity.
• Familiar with the MITRE ATT&CK Framework in security operations, threat Intel and wargaming.
• Familiar with designing, developing and delivering incident to crisis management, business continuity, disaster recovery simulation exercises, especially in the context of cybersecurity.
• Strong understanding of cybersecurity principles, technologies, and best practices, including incident detection, response, and recovery.
• Excellent communication and interpersonal skills, with the ability to build trust and credibility with senior executives and key stakeholders.
• Exceptional problem-solving skills, with the ability to think critically and analytically in fast-paced and complex environments.
• Ability to demonstrate flexibility, initiative, and innovation in dealing with ambiguous, fast-paced situations.
• Ability to perform with minimal supervision.
• Proficiency in one or more regional languages and dialects, including English.
• Applicants selected may be subjected to security screening and may need to meet eligibility requirements for access to classified information.
• A passion for cybersecurity and a commitment to continuous learning and professional development.

• Perform research and analysis on regulations and policies to determine alignment and assist with the development, implementation and tracking of the progress of clients’ objectives with supporting goal targets.
• Develop appropriate methodologies, frameworks and approaches to address project objectives, drive the clients towards positive business results, reinforce the clients’ strategic objectives, achieve improvements in effectiveness, gain efficiencies and increase digital maturity.
• Collaborate with the senior consultant for crisis operations to develop and implement strategies for proactive crisis management and incident response.
• Curate, digest and utilise the latest threat intelligence and trends and incorporate this information into the deliverables.
• Be part of the team led by the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) to conduct simulation exercises, post-incident reviews, and other related training, to improve our customers maturity to detect, respond and recover from cyber-related incidents and/or crisis. This includes the crafting of reports and presentation material to deliver findings to our customers.
• Stay abreast of emerging cyber threats, attack techniques, and incident response best practices, and share insights and recommendations with clients to enhance their cybersecurity posture.
• Prepare comprehensive incident reports and presentations for senior management, regulatory authorities, and other stakeholders, detailing incident timelines, impact assessment, remediation actions, and lessons learned.
• Seek improvement areas in customer’s crisis response plans and playbooks and offer tailored recommendations aligned to the risk profiles of our clients, ensuring readiness and resilience in the face of cyber threats.
• Collaborate with our customer’s cross-functional teams, including cybersecurity analysts, forensic experts, legal counsel, and executive leadership, to coordinate the collection of information to aid the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) in carrying out his duties.
• Communicate effectively with internal and external stakeholders, including board members, executives, regulatory authorities, law enforcement agencies, legal counsel, communications professionals, and external vendors to facilitate collaboration and transparency throughout the crisis.
• Assist the Senior Lead Senior Cybersecurity Consultant (Crisis Operations) in the preparation of material to contribute to the conduct of post-incident reviews and lessons learned sessions with clients’ leadership teams to identify areas for improvement and enhance preparedness for future cyber-related crises