Control Risks is looking for a US-based Associate Director to join its rapidly growing cyber Americas and global cyber response teams. This is a unique opportunity to grow a fast-paced and distinctive capability that requires a highly motivated individual to join an exceptional team.
The successful candidate will lead the delivery of Control Risks cyber response projects for insurance and directly retained clients, primarily in the US, but also across EMEA and APAC as needed. This will involve working closely with the regional cyber Americas team, consultants in other regional response teams, other internal service lines and external partners.
The primary responsibility will be to support the build out of a more significant Cyber Response capability in the US. This will involve planning for future capacity needs, as well as delivering exceptions consultancy to clients facing cyber related incidents.
The candidate must be a self-starter, proactive and be passionate about the challenge of managing cyber related incidents and corporate crises. The candidate will need to demonstrate excellent understanding of crisis response and cyber security concepts, specifically those relating to cyber threats, and proven proficiency in communicating under pressure to clients at the non-technical executive level.
This is a great opportunity to work in a fast-growing team grounded in Control Risks’ 40+ years of crisis management heritage and experience.
Tasks and responsibilities
Supporting the growth of the Cyber Americas practice:
- Support the build out of a more significant Cyber Response capability in the region, including planning for future capacity needs.
- Work with the global Cyber teams to develop marketing materials and support go-to-market activities to accelerate the growth of the business in the Americas.
- Work with our threat intelligence and risk consulting teams to refine cross-Cyber methodologies and help to refine and update Cyber Response methodologies.
- Drive the growth of new capabilities within the response team, in conjunction with other service lines where appropriate.
- Post-incident cyber crisis management, providing immediate verbal/written advice recorded in initial information gathering forms and ongoing advice covering:
- Liaison with key stakeholders, communicators/intermediaries.
- Options, contingency plans and recommendations for managing the technical and non-technical elements of response.
- Scoping additional technical support via the Digital Forensics department, as well as any non-technical support via external legal counsel.
- Discuss and input into communications strategies and plans.
- Lead crisis management team meetings to drive effective collaboration with internal and external stakeholders including law enforcement and regulators.
- Escalate case issues to proactively manage client expectations
- Develop and manage working relationships with our panel of technical partners for cyber response projects.
- Maintain records of cases worked on by Cyber Response.
- Identify and project manage other service lines working on cyber response cases (threat intelligence, risk consulting, forensics, e-Discovery, extortion response).
- Manage case management metrics tools and support in analysing case histories to drive insights for future use.
- Hire, develop and oversee junior members of the team.
- Provide situation reports and other significant case related material to the client.
- Provide documentation to management in sufficient time to allow review and feedback, before submitting to a client.
- Produce case summary and other reports as directed.
- Ensure other service line inputs are collected and aligned appropriately in final reports.
- Review outputs from consultants, ensuring quality and timeliness.
- Assist in the development of Cyber Response training programmes.
- Participate in and develop cyber incident management workshop training.
- Focus on identifying and developing business and promoting other Control Risks services, including cyber readiness and broader crisis management opportunities.
- Be the named duty officer on-call for urgent client requirements in the US, which will frequently require supporting our clients outside of standard working hours.
Knowledge and experience
- Relevant work experience in a cyber response related field with the public or private sector. Minimum 6 years.
- Understanding of current incident trends including how threat actors are leveraging extortive tactics to target victims.
- Understanding of the cyber threat landscape and key cyber security concepts.
- Ability to communicate clearly in written and oral form at senior levels.
- Able to explain difficult technical concepts and ideas in non-technical terms.
- Experience of cyber security issues, either within a consultancy or as a practitioner.
- Good knowledge of IT and network infrastructure.
- Ability to see security from the attacker’s point of view.
- Experience as a cyber incident or crisis manager helping to drive client crisis meetings and technology related discussions.
- Broad corporate crisis management experience and understanding of the interaction between departments (such as HR, Finance and Security) and levels of governance within a commercial organisation.
- Experience in reviewing and producing technical incident response reporting.
- Business proficiency in Spanish.
Qualifications and specialist skills
- Undergraduate degree
- Preferably a degree or masters in a field related to security, information security, intelligence or computer science.
- Recognised industry certifications e.g. CEH, CISSP, CISM, CISA, CRISC.
- An eagerness to find solutions which are practical and realistic to threats and risks that clients face.
- Ability to work irregular hours and respond at short notice to client requirements.
- Capable of handling multiple priorities and tight deadlines while interacting with colleagues and clients in sometimes challenging situations.
- Strong interpersonal skills; must be collegial, outgoing and able to network and influence both internally and externally with a sense of variety in people, industries and functions.
- Negotiation and influencing skills, including diplomacy and integrity.
- Ability to deliver business whilst maintaining highest professional standards – results orientated.
- Ability to challenge client decision in an appropriate and measured manner.
- Ability to travel domestically when required up to 50% of the time and to attend key meetings with clients, join marketing events and workshops etc.
All employees are expected to display behaviors reflective of our company values: Integrity and Ethics, Collaboration and Teamwork, Commitment to People, and Professionalism and Excellence.
- Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer.
- Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together – in the office and with our clients – while continuing to support flexible and remote working.
- Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
- As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.