The Cyber Security Subject Matter Expert (SME) Consultant is a project-based, client-facing role responsible for providing cybersecurity expertise in support of client engagements. Ideal candidates will have experience consulting with large enterprises (e.g., Fortune 250) and possess deep technical and strategic knowledge of cybersecurity frameworks, technologies, and best practices.
The Cyber Security SME Consultant will collaborate with client stakeholders to understand their security requirements, assess risks, and design tailored cybersecurity solutions. The consultant will guide clients through complex transformation initiatives, ensuring compliance with relevant regulations, optimizing security frameworks, and helping mitigate emerging cyber threats.
The ideal candidate will have significant experience across multiple cybersecurity domains, excellent communication skills, and the ability to provide actionable recommendations that align with clients' business goals.
Must Have:
- Deep knowledge and practical experience with cybersecurity frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
- Expertise in identifying, prioritizing, and addressing cybersecurity risks and threats across networks, cloud platforms, and applications.
- Ability to build consensus with stakeholders and align cybersecurity strategies with business objectives.
- Proven ability to act as a trusted advisor to senior executives, delivering actionable recommendations.
- A self-starter who is solutions-oriented, thrives on continuous improvement, and works independently while being a team player.
- Flexibility to travel as needed, primarily within the U.S.
- Alignment with Yates culture and values.
Additional Details:
- Advisory & Consulting:
  - Lead security assessments, audits, and gap analyses to evaluate clients' security posture.
  - Develop customized security roadmaps and strategies aligned with clients' business goals.
  - Provide advisory on security governance, regulatory compliance, and risk mitigation strategies (e.g., GDPR, SOC 2, PCI-DSS).
- Solution Design & Implementation:
  - Design, implement, and optimize security frameworks, ensuring they align with business priorities.
  - Configure, deploy, and manage security technologies (e.g., SIEM, EDR, IAM, firewalls).
  - Identify opportunities for automation and optimization in security processes through scripting (e.g., Python, PowerShell).
- Collaboration & Client Engagement:
  - Engage with key stakeholders across clients' organizations, including IT, Legal, and Compliance teams.
  - Maintain clear, proactive communication to minimize risks of misunderstandings and misalignment.
  - Facilitate virtual and on-site meetings to provide progress updates, recommendations, and thought leadership.
- Incident Response & Threat Management:
  - Develop and test incident response plans, ensuring clients are prepared to manage breaches effectively.
  - Monitor emerging threats and vulnerabilities, advising clients on proactive mitigation measures.
- Leadership & Training:
  - Provide internal and external training sessions on cybersecurity frameworks and tools.
  - Stay current with the latest industry trends, security technologies, and regulatory updates.
  - Participate in industry forums and knowledge-sharing communities.
Candidate Profile:
- Education: Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- Experience:
  - 8+ years of experience in cybersecurity, with at least 3 years in consulting or advisory roles for large enterprises.
  - Expertise in one or more security domains such as cloud security, network security, identity and access management (IAM), threat intelligence, and incident response.
  - Proven experience designing, implementing, and optimizing security frameworks (e.g., NIST, ISO 27001).
- Certifications (Preferred):
  - CISSP, CISM, CISA, CRISC, CEH, or equivalent certifications.
  - Cloud certifications (e.g., AWS Security Specialty, Microsoft Azure Security Engineer).
- Skills:
  - Strong knowledge of cybersecurity technologies (SIEM, DLP, EDR, etc.).
  - Experience conducting security audits and vulnerability assessments.
  - Exceptional analytical and problem-solving skills, with a focus on business-aligned security solutions.
  - Excellent negotiation and communication skills, with the ability to present technical concepts to non-technical stakeholders.
- Additional Attributes:
  - Proven ability to work independently and support multiple client engagements simultaneously.
  - Familiarity with software asset management (SAM) practices is a plus.
  - Ability to adapt quickly to changing client needs, industry trends, and technology landscapes.
Beliefs and Cultural Tenets
Please read about our beliefs and cultural tenets. They are at the core of what makes our team exceptional.
- Love of learning, unstoppable curiosity, and a commitment to discovery in everything you do.
- Radical responsibility, taking accountability for your entire circumstance – professional, mental, emotional, spiritual, and supporting others in doing the same.
- Intention and commitment = results. This equation works both ways. If you want to understand your commitment, look at your results.
- Strong self-awareness, being genuine, and avoiding the judgment of others. Building trust by understanding where people are coming from and what they believe.
- Demonstrating integrity by being candid, honest, acknowledging feelings, and keeping agreements and commitments.
- Openly showing gratitude and appreciation, and being equally willing to accept it.
- Commitment to fun and play. Creating white space for rest and thinking, avoiding self-judgment that can kill creativity, learning, and curiosity.
- Challenging gossip and negativity with opportunities to take responsibility and create solutions.
- Always focusing on creating wins – for yourself, for your peers, for the organization, and for our clients.