vCISO virtual Consultant
vCISO (virtual) Consultant
On Site position
The candidate must have a minimum of ten (10) years of experience providing vCISO services to organizations with at least 350 or more network users spread across 5 or more physical sites.
The vCISO Candidate must have the following experience:
Ten (10) years of experience immediately preceding date of proposals in a lead or senior role providing information security services to governmental entities; and
A bachelor s degree in a related field; and Ten (10) years experience with organizations of 350 or more network users spread across 5 or more physical sites; and
Required Certifications of Respondent s proposed vCISO that is responsible for performing the service:
Certified Information Security Systems Professional (CISSP)
Certified Information Systems Auditor or Manager (CISA or CISM)
SKILLS
Provide documentation of at least Ten (10) years of the vCISO candidate s experience immediately preceding date of proposals in a lead or senior role providing information security services to governmental entities providing at least three (3) similar projects.
d) Provide documentation of at least Ten (10) years experience with organizations of 350 or more network users spread across 5 or more physical sites
e) Describe vCISO candidate s experience developing incident response plans
f) Describe vCISO candidate s experience developing vendor risk management programs
g) Describe vCISO candidate s experience designing data protection strategies
h) Describe vCISO candidate s experience with actual incident response support
SPECIFIC TECHNICAL MERIT
I. Endpoint Detection and Response.
II. Vulnerability Management.
III. Patch Management.
IV. Security Incident and Event Management.
V. Microsoft M365.
i. Information Protection and Governance.
ii. Azure AD.
iii. Entra ID.
iv. Intune.
b) Describe vCISO candidate s experience with the following operating systems:
I. Microsoft Windows.
II. Microsoft Server.
III. VMWare.
IV. Linux
Program Development
Establish and document a cybersecurity program during the first 6 months of the contract.
i. The program shall address:
1) NIST Cybersecurity Framework.
2) NIST controls catalog.
3) NIST methodology for systems and data categorization.
ii. Evaluate current practices and guiding documents.
iii. Develop a vision, mission, and strategy document that is endorsed by the executive leadership.
iv. Develop a charter document that is endorsed by the executive leadership.
v. Provide recommendations for program staffing.
b) Consolidate current incident response plan (IRP) components into a stand-alone IRP.
c) Develop and document a vulnerability and patch management program.
d) Develop a Risk matrix for the District s information technology.
e) Develop a Vendor Risk Management program.
f) Develop a Cybersecurity Questionnaire for critical suppliers.
g) Review current cybersecurity awareness training and recommend a training program for employees, including where in the organization the training program should reside.
Ongoing Support
The vCISO shall:
a) Attend and contribute to periodic District Security Committee meetings. It is anticipated that these will occur monthly.
b) Conduct monthly cybersecurity check in meetings.
c) Provide threat intelligence in a digital report monthly.
d) Conduct an annual cybersecurity assessment and provide at a minimum:
i. A detailed report identifying opportunities for improvement and
ii. An executive summary and presentation to District executive leadership.
e) Participate in daily meetings during the week of the District s annual disaster recovery exercise.
3. Incident Response
a) The vCISO shall provide 24/7/365 availability for incident response.
DIRECT CANDIDATES ONLY. PLEASE. NO THIRD PARTY
CANDIDATE WHO CAN WORK FOR ANY EMPLOYER IN USA WITHOUT ANY SPONSORSHIP
Please submit your resume along with the following must required information to:
Contact number
Email
Current location
Work Authorization
Availability
Pay Rate
...
vCISO (virtual) Consultant
On Site position
The candidate must have a minimum of ten (10) years of experience providing vCISO services to organizations with at least 350 or more network users spread across 5 or more physical sites.
The vCISO Candidate must have the following experience:
Ten (10) years of experience immediately preceding date of proposals in a lead or senior role providing information security services to governmental entities; and
A bachelor s degree in a related field; and Ten (10) years experience with organizations of 350 or more network users spread across 5 or more physical sites; and
Required Certifications of Respondent s proposed vCISO that is responsible for performing the service:
Certified Information Security Systems Professional (CISSP)
Certified Information Systems Auditor or Manager (CISA or CISM)
SKILLS
Provide documentation of at least Ten (10) years of the vCISO candidate s experience immediately preceding date of proposals in a lead or senior role providing information security services to governmental entities providing at least three (3) similar projects.
d) Provide documentation of at least Ten (10) years experience with organizations of 350 or more network users spread across 5 or more physical sites
e) Describe vCISO candidate s experience developing incident response plans
f) Describe vCISO candidate s experience developing vendor risk management programs
g) Describe vCISO candidate s experience designing data protection strategies
h) Describe vCISO candidate s experience with actual incident response support
SPECIFIC TECHNICAL MERIT
I. Endpoint Detection and Response.
II. Vulnerability Management.
III. Patch Management.
IV. Security Incident and Event Management.
V. Microsoft M365.
i. Information Protection and Governance.
ii. Azure AD.
iii. Entra ID.
iv. Intune.
b) Describe vCISO candidate s experience with the following operating systems:
I. Microsoft Windows.
II. Microsoft Server.
III. VMWare.
IV. Linux
Program Development
Establish and document a cybersecurity program during the first 6 months of the contract.
i. The program shall address:
1) NIST Cybersecurity Framework.
2) NIST controls catalog.
3) NIST methodology for systems and data categorization.
ii. Evaluate current practices and guiding documents.
iii. Develop a vision, mission, and strategy document that is endorsed by the executive leadership.
iv. Develop a charter document that is endorsed by the executive leadership.
v. Provide recommendations for program staffing.
b) Consolidate current incident response plan (IRP) components into a stand-alone IRP.
c) Develop and document a vulnerability and patch management program.
d) Develop a Risk matrix for the District s information technology.
e) Develop a Vendor Risk Management program.
f) Develop a Cybersecurity Questionnaire for critical suppliers.
g) Review current cybersecurity awareness training and recommend a training program for employees, including where in the organization the training program should reside.
Ongoing Support
The vCISO shall:
a) Attend and contribute to periodic District Security Committee meetings. It is anticipated that these will occur monthly.
b) Conduct monthly cybersecurity check in meetings.
c) Provide threat intelligence in a digital report monthly.
d) Conduct an annual cybersecurity assessment and provide at a minimum:
i. A detailed report identifying opportunities for improvement and
ii. An executive summary and presentation to District executive leadership.
e) Participate in daily meetings during the week of the District s annual disaster recovery exercise.
3. Incident Response
a) The vCISO shall provide 24/7/365 availability for incident response.
DIRECT CANDIDATES ONLY. PLEASE. NO THIRD PARTY
CANDIDATE WHO CAN WORK FOR ANY EMPLOYER IN USA WITHOUT ANY SPONSORSHIP
Please submit your resume along with the following must required information to:
Contact number
Email
Current location
Work Authorization
Availability
Pay Rate
...