Information Security Subject Matter Expert (SME)

Lyra Technology Group is looking for a full-time Information Security Subject Matter Expert (SME) to join the team at one of our operating companies, ImageQuest in Franklin, TN. The Information Security SME will work to protect the client’s data, infrastructure, reputation, and compliance with industry-applicable regulations by supporting the execution of the established Information Security Program. As a subject matter expert, the Information Security SME works to ensure the client’s business remains compliant by gathering data, preparing reports, and preparing correct documentation.

This role provides critical documentation support of information security operations in the areas of: Vendor Management, Security Awareness, and Cybersecurity Health Checks.

Lyra Technology Group is a private equity-backed holding company that invests and operates industry leading technology service businesses. Our companies are operated independently by exceptional management teams. Companies that join our group retain the employees, name, and culture that have made them successful. As a platform of Evergreen Services Group, we never divest from businesses we partner with and approach every decision with the goal of driving sustainable and healthy growth over the long term.  

ImageQuest provides best-in-class IT services, IT consulting, IT support, and IT compliance and cybersecurity services to clients in Nashville, TN. Our Cloud Computing services are carefully designed solutions that keep your team productive, secure, and compliant - wherever they work. Our Cloud Computing solutions can reduce or eliminate your IT capital expenses, give what equipment you do have a longer life, and covert IT expenses into a predictable monthly cost.

• Support the implementation of information security programs by pulling detailed and accurate data to allow for creation of timely and correct client reports.• Collect data and prepare professional client-facing reports using ImageQuest approved presentation guidelines.• Manage vendor relationships to ensure all data is received from client and their vendors to build vendor profile, gather reports, and complete preliminary documentation review for completeness and accuracy before submitting for risk rationale and final vendor executive summary package.• Assist with internal process documentation to ensure procedures are up to date at all time.• Work to gain and maintain strong regulatory knowledge (i.e.: HIPAA, GLBA, etc.) along with a well-organized repository of reference information to refer to as needed.• For accounts with a Professional Services Agreement (PSA) in place, support information security operations with special projects as needed such as: o Transcribe incident response table-top exercises ensuring all details are captured accurately.

o Investigate and resolve tedious and complex documentation issues with patience and diligence. o Administrative and technical projects assigned.•

o Conduct non-banking client vendor reviews, ensuring all documentation is current and compliant with company standards, and create summary for presentation to client. o For banking clients: Assist in gathering due-diligence documentation for assessments and audits. o Set up Vendor Profiles in Nvendor, complete with primary contact and fourth-party vendors. o Review SOC reports and complete Executive Summaries. o Extract User Entity Controls and work with vendor owner (relationship manager) to complete.

o Prepare questions, follow up with vendors, and document their responses in preparation of handing off to Lead Advisor. o Conduct Vendor Performance Review process with Relationships Managers.•

o Work with Lead Advisor to support client’s ongoing Security Awareness Training Program. o Extract data from client’s KnowBe4 consoles to create comprehensive regularly scheduled reports. o Review established training program for gaps in learning and make recommendations to Lead Advisor. o Implement training program by setting up ongoing campaigns, smart groups, and phishing tests. o Monitor client’s KnowBe4 console and interact with KnowBe4 to resolve any issues on behalf of client.

o Notify clients of users who are past due on their training to increase completion rates.•

o Assist with internal health check data entry and management tasks to ensure the accuracy and completeness of information. o Pull, gather, and compile data for Health Check reports, ensuring all information is up-to-date and accurate. o Review Health Check reports to ensure cyber security initiatives are consistently followed (e.g., user access, patch reports, removing terminated employees from groups, etc.) and alert information security advisor of discrepancies.

• Bachelor’s degree in English, Communications, Information Security, or a relevant technical and writing experience.• Strong communication skills with excellent, professional writing skills required.• Proven experience in information security, data management, or a similar role a plus.• Patient and thorough with a keen eye for pattern recognition within data sets.• Excellent organizational skills with strong attention-to-detail.• Excellent listening skills, with the ability to understand and interpret technical information.• Strong analytical and reading comprehension with a proven ability to exercise initiative, judgment, and discretion.• Ability to multitask without errors and function well in a high-paced environment.• Positive attitude with willingness to learn and adapt to new tools and technologies.• Basic familiarity with Microsoft Office product family.• Experience with KnowBe4 consoles and information security documentation a plusThe targeted base compensation for this role is $55,000-65,000 per year and will operate out of the Franklin, TN office on a hybrid basis.If you're motivated by meaningful client relationships, strategic selling, and a dynamic work environment—we want to hear from you.

Apply today to join the ImageQuest team and help deliver technology solutions that drive real business value!