High-Level Details:
· Duration: 6-month initial, 2 ,6-month extensions
· Location: Can be remote but might have to travel to site up to 2 times.
Engage with key stakeholders to identify objectives and goals of the Cyber Security Program;
Gather and document business requirements of the security program by performing elicitation and
coordination tasks with internal and external stakeholders;
Review existing security governance and program documentation, and capture undocumented
processes, developing a picture of current state, including maturity levels across various business
capabilities;
Help to establish a security governance framework which will ensure ongoing oversight and
management of the security program;
Review security policies, standards and procedures, evaluating in accordance with industry best
practices and regulatory requirements;
Help define and improve information security KPI’s and KRI’s to measure the effectiveness of the
security program;
Facilitate information visualization mechanisms (dashboards, reports, etc.) allowing effective
communication of security status and trending to executive management;
Provide business analysis capabilities for high-profile projects such as the procurement and
implementation of a Privileged Access Management (PAM) suite;