Senior Security Consultant

  • Full-time

Company Description

Fortress Security Risk Management is a nationally recognized full-spectrum cybersecurity firm dedicated to protecting its clients from the financial, operational, and emotional ravages of cybercrime. Headquartered in Cleveland, OH, Fortress has a primarily regional footprint but, because digital technology has no borders, provides security services to clients in 13 states and in over 100 countries.

Fortress provides a comprehensive and integrated suite of security services featuring:

Security Consulting

  • Incident Response Planning
  • GRC Advisory
  • Frameworks Assessments
  • M&A Cyber Due Diligence
  • 3rd Party Vendor Risk
  • Technical Testing
  • Multi-Factor Authentication
  • Identity & Access Management
  • Insider Threat Detection
  • Training/Phishing Tests

Managed Security Solutions

  • Cyber-as-a-Service and Virtual CISO
  • Managed Patching
  • Endpoint Detection & Response
  • Managed SIEM
  • Managed Backup
  • Help Desk

All managed and monitored in wholly owned and operated 24/7/365 U.S. security operations centers.

Incident Response

  • Contain & Control
  • Threat Elimination & Disaster Recovery
  • Digital Forensics & Investigations
  • Litigation Support
  • Remediation
  • Crisis Project Management
  • Post Incident Assessments & Improvement Roadmap

Fortress associates are dedicated to the communities we serve, actively participate on numerous nonprofit boards, and tirelessly donate our time to many charitable organizations.

Job Description

The Security Consultant is responsible for gathering and analyzing information, formulating and testing hypotheses, developing and communicating recommendations to clients, and delivering on consulting engagements. This position will also present results to client management and implement recommendations in collaboration with client and Fortress SRM team members. The role focuses on the development of security assessments, incident response, security engineering, governance, risk, and compliance-related policies, cyber training processes and procedures, and proficiency in security-related project management. Other responsibilities include:

Consulting Contributions and Delivery: 

  • Performs security and general business consulting through workshops and assessments that outline current business challenges and recommend Fortress SRM solution matches. 
  • Performs security assessments, identifies gaps in existing security architecture, and recommends changes or improvements.
  • Recommend solutions that align enterprise security architecture frameworks and standards (e.g., CIS Top 20 Critical Security Controls, NIST Cybersecurity Framework, NIST 800-53, ISO 27002) with overall business and security strategy. 
  • Communicates effectively and partners with Sales, Account Executives, Management, and all levels of staff in a manner consistent with accomplishing objectives.
  • Authors strategic components of proposals, RFPs (Request for Proposal), and SOWs (Statement of Work). 
  • Authors high quality consulting deliverables from workshops and assessments. 
  • Participate in risk assessments for modern technologies and projects. 
  • Document security requirements and controls for protecting information, systems, and technology assets. 

Sales Support: 

  • Supports strategic security sales efforts by directly participating in pursuit planning sessions and follow-on meetings to identify pain points; develops consultative approach leading to successful engagement. 
  • Represents, positions, and engages clients with Fortress SRM workshops and assessments resulting in solution blueprints for subsequent delivery by Fortress SRM. 

Catalyst Leader: 

  • Provide thought leadership for Chain of Custody solution offerings and expansion. 
  • Facilitate Client workshops and assessments in specified domain of expertise. 
  • Assist with business and market development efforts including identifying opportunities, developing relationships, and scoping engagements. 

 

Qualifications

  • 4-year degree in business management or technology-related field, master’s degree preferred.
  • 5+ years of experience in consulting and security, and/or security-related project management.
  • CISSP, CSSP, CISA, CISM, or other relevant security-related designation(s).
  • Experience in identifying gaps in existing architectures. 
  • Experience in designing security architectures to mitigate threats.
  • Knowledge of computer networking concepts and protocols (e.g., TCP/IP, DNS (Domain Name System)) and network security methodologies. 
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML, etc.).
  • Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware. 
  • Knowledge of remote access technology concepts. 
  • Knowledge of application firewall concepts and functions (e.g., single point of authentication enforcement, data anonymization, DLP (Data Loss Prevention) scanning, SSL (Secure Sockets Layer) security). 
  • Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data. 

 

Additional Information

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.