CFGI logo

CFGI

United StatesUnited StatesUnited States

Cybersecurity - Director

full-timeHybrid
cybersecurity
data privacy
risk management
compliance
security

About CFGI:

CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles from technical accounting advisor, M&A support, tax services, etc. delivering seamless support services.

Technical & Domain Experience:

  • Build cybersecurity Process Risk & Control frameworks for clients that are rationalized against applicable laws and standards.
  • Conduct Risk Assessment and Maturity Assessments for clients.
  • Audit Control definition and control testing against client’s Internal Audit framework, or against industry standards or laws & regulations.
  • Conduct Cybersecurity and Data Privacy Compliance readiness assessments for clients.
  • Guide clients in establishing cybersecurity policies, standards, and procedures.
  • Manage cybersecurity training & awareness services for clients from design to implementation.
  • Oversee the implementation and management of security tools, technologies, and processes.
  • Advise clients on cybersecurity functions’ metrics and reporting for various level of client audiences including Audit Committee and Board of Directors.
  • Be the client’s Subject Matter Expert on compliance questions for cybersecurity regulations and industry practices.
  • Provide governance services for clients to oversee their cybersecurity functions and practices, including governance over: Policies & Procedures, Risk Management, Vulnerability Management, Incident Management, etc.
  • Build Risk Management practices for clients, including policies, procedures, Risk Register, etc.
  • Assist clients in implementing market GRC tools.
  • Lead Third Party Risk Management (TPRM) for clients, including designing and operationalizing a TPRM framework, reviewing existing and new vendors for clients, and provide ongoing monitoring services.
  • Needs strong understanding/experience of the German/EU regulatory compliance landscape in Cybersecurity / Data Privacy space and its impact on businesses.

Process & Project Management Experience:

  • Ability to prioritize and multitask. Flexibility and adaptability in work approach.
  • Ability to manage project plans for client various data privacy engagements, including creating tasks, timeline and budgets.
  • Ability to report to leadership and clients on status updates periodically, including progress and challenges.

Soft Skills:

  • Strong interpersonal and communication skills; experience with cross-cultural communications.
  • Agile and flexible, capable of dealing with ambiguity, and confront challenges and opportunities with speed, endurance and decisiveness.
  • Manage a team of consultants and managers on various projects.
  • Language preference – German, French & English

Technical Qualifications and Certifications:

  • Bachelor’s degree in business, computer science, information systems, engineering, or a related discipline.
  • Strong knowledge in national and global industry practices and regulations in Cybersecurity and Data Privacy, including NIST CSF, CIS, PCI DSS, HIPAA, ISO27001, CMMC, FedRAMP, SOX, GDPR, CCPA, etc.
  • Industry certifications would be preferred but not required: CISSP, CISM, etc.