Job Description

Cyber Security Program Manager

New York ,NY

a. Cybersecurity GRC Service The Cybersecurity GRC service will focus on providing high level security leadership, ensuring that Fortna s cybersecurity efforts are aligned with business objectives and industry best practices. It Provide strategic oversight, enhance cybersecurity governance, and align Fortna s security program with business objectives and regulatory requirements.

1. Security Strategy Development Review and update Fortna s security strategy to align with business needs and regulatory standards such as ISO 27001, NIST CSF 2.0. Develop, or mature currently existing, programs with staffing or outsourced resources.

2. Governance and Reporting Develop governance metrics and provide regular board level reports to track security posture and risk management performance.

3. Risk Management Framework Establish or enhance a risk management framework to prioritize and mitigate security risks, integrating threat intelligence and compliance requirements.

4. Incident Response and Crisis Management Review Fortna s incident response capabilities and ensure that the incident response plan is aligned with organizational objectives. 5. Compliance and Policy Maturation Assist in maturing Fortna s policies, including Acceptable Use, Data Governance, Vulnerability Management, and Third Party Risk Management policies, to ensure compliance with industry standards and regulatory requirements.

6. Board and Executive Communication Provide regular updates to Fortna s executive team on cybersecurity strategy, governance, threat landscape, and incident response performance.

7. The Cybersecurity GRC will also perform assessment of Fortna s cybersecurity posture using the latest NIST Cybersecurity Framework 2.0, which now includes the Govern function.

This assessment will evaluate Fortna s maturity across all five functions (Identify, Protect, Detect, Respond, and Recover) as well as the new Govern function.

a) Assessment Framework: Conduct the assessment using Fortna s internal tools and systems. Review existing documentation, controls, and processes to evaluate alignment with NIST CSF 2.0.

b) Assessment Phases 1 (Weeks 1 4):

Review and map current security controls to NIST CSF 2.0, focusing on the six key functions:

Identify: Asset management, risk management, and governance of security risks. Protect: Access control, data security, maintenance, and security awareness.

Detect: Detection processes, monitoring, and anomaly detection. Respond: Incident response planning, analysis, and mitigation. Recover: Recovery planning and improvements post incident. Govern: Organizational governance, including oversight, accountability, and policy management.

c) Assessment Phase 2 (Weeks 5 8): Analyze gaps in Fortna s security posture and develop an action plan to improve alignment with the desired NIST CSF 2.0 target profile. d) Reporting A detailed NIST CSF 2.0 Assessment Report including: Maturity levels, gap analysis and prioritized action plan. Recommendations for improving governance, risk management, and incident response.

Please reach me at raghu(at)mysbscorp(dot)com

Job Tags

Similar Jobs