Information Security Advisor

Lyra Technology Group is looking for a full-time Information Security Advisor to join the team at one of our operating companies, ImageQuest in Franklin, TN. The Information Security Advisor will work to safeguard client’s data, infrastructure, and reputational integrity by collaborating with expert teams to develop, implement, and sustain tailored Information Security Programs and leveraging cutting-edge security practices and ensuring adherence to industry-specific regulations.

Lyra Technology Group is a private equity-backed holding company that invests and operates industry leading technology service businesses. Our companies are operated independently by exceptional management teams. Companies that join our group retain the employees, name, and culture that have made them successful. As a platform of Evergreen Services Group, we never divest from businesses we partner with and approach every decision with the goal of driving sustainable and healthy growth over the long term.  

ImageQuest provides best-in-class IT services, IT consulting, IT support, and IT compliance and cybersecurity services to clients in Nashville, TN. Our Cloud Computing services are carefully designed solutions that keep your team productive, secure, and compliant - wherever they work. Our Cloud Computing solutions can reduce or eliminate your IT capital expenses, give what equipment you do have a longer life, and covert IT expenses at a predictable monthly cost.

• Support the designated Chief Information Security Officer or Information Security Officer with special projects.• Help develop and maintain the client’s Information Security Program.• Create, update, and maintain written Information Security Policies and Procedures tailored to meet the unique needs of each client and industry standards.• Participate in the collaboration with clients to ensure all policy and procedural documentation is current, accurate, and aligned with organizational goals.• Work with the Director of Advisory Services to identify opportunities for enhancing security documentation processes and improvements to ensure effectiveness and compliance with evolving security threats.• Assist clients in completing third-party information requests, such as security questionnaires, ensuring accurate and thorough responses with the assistance of relevant teams.• Provide clients with guidance on matters related to cyber insurance, tapping into internal resources and knowledge bases to deliver informed recommendations.

• Contribute insights into Advisory Services by participating in sales meetings and joining periodic business review calls with Relationship Managers, showcasing value to current and prospective clients.• Based on client engagement, coordinate or support responses to actual security incidents by leveraging the Cyber Incident Response Plan (CIRP) and collaborating with incident response teams.• Assist in the preparation and execution of the annual SOC 2 audit, providing necessary documentation and support.Risk Assessments• Lead and oversee annual risk assessments in compliance with regulatory requirements, identifying gaps and recommending corrective actions.• Develop a risk register to track gaps and corrective actions.• Develop and maintain a comprehensive calendar for risk assessments to ensure timely evaluations.• Participate in the development and implementation of risk mitigation strategies pertaining to information security.• Prepare a detailed Executive Summary, outlining the client’s current security posture and areas for improvement.Vendor Management• Develop and uphold comprehensive written policies and procedures for Vendor Management, with focus on new vendors and ongoing monitoring. • Support the Lead Information Security Advisor by coordinating vendor due diligence, ensuring consistent application of due diligence strategies across non-banking and banking client assignments.• Conduct non-banking client vendor reviews, ensuring all documentation is current and compliant with company standards, and create summary for presentation to client.Incident Response• Create, review, and manage comprehensive written policies and procedures for Cyber Incident Response Plans (CIRP), ensuring readiness and compliance.• Lead and coordinate incident response tabletop exercises.• Create Executive Summaries that highlight key takeaways and lessons learned from tabletop exercises.Business Continuity and Disaster Recovery• Create, review, and update of Business Continuity and Disaster Recovery Plans to ensure they remain current and effective, adapting to changes in client operations and external threat landscapes • Help organize and facilitate regular testing, including simulations and scenario-based exercises, to validate their effectiveness and readinessSecurity Awareness• Support and Implementation of Security Awareness Training Programs• Work closely with the Lead Advisor to support clients' ongoing Security Awareness Training Programs, ensuring alignment with strategic objectives.• Extract, analyze, and synthesize data from client’s KnowBe4 consoles to create detailed and actionable reports, providing insights for client discussions.• Implement and monitor client consoles by setting up and fine-tuning campaigns, smart groups, and ongoing phishing tests.Client Interaction and Issue Resolution• Actively oversee clients' consoles to detect and resolve issues, collaborating with KnowBe4, Breach Secure Now, and other relevant stakeholders to address these concerns on the clients' behalf.• Take the initiative to notify clients about users who are past due on their training to improve completion rates with personalized follow-ups and reminders.• Engage with clients to gather feedback on training experiences and report this feedback to the Lead • Advisor for potential integration into program strategy.Customization and Program Enhancement• Assist in customizing training content and testing cadences for clients, under the guidance of the Lead Advisor, to ensure that training solutions are specifically aligned with client needs.• Actively review established training programs, identifying gaps in learning, and making recommendations for enhancements to the Lead Advisor.• Develop expertise and stay current with software platform developments by participating in regular meetings and training.• Participate in client-facing meetings as required to present overviews of data analysis.

• Bachelor’s degree desired. Advanced degree a plus.• 4+ years information security, IT audit, compliance, and/or risk management experience desired.• Demonstrates a consultative approach to providing risk-based security and process.• Ability and desire to interact with clients.• Experience planning and executing policies and standards development.• Knowledge of business theory, business processes, and business office operations.• Excellent organizational skills with strong attention-to-detail.• Strong analytical and problem-solving skills with a proven ability to exercise initiative, judgment, and discretion.• Ability to function well in a high-paced environment.• Proficiency with standard business software.• The following are not required but would be considered a plus: o Knowledge of or experience in a regulated industry (e.g., healthcare, insurance, banking, etc.) o Understanding of support tools, techniques, and how technology is used to provide IT services o Exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial systems o Knowledge of security concepts related to IT infrastructure o Recommended certifications may include:  CISSP  CISA  CISM  Security+The targeted base compensation for this role is $75,000-$80,000 per year and will operate out of the Franklin, TN office on a hybrid basis.If you're motivated by meaningful client relationships, strategic selling, and a dynamic work environment—we want to hear from you.

Apply today to join the ImageQuest team and help deliver technology solutions that drive real business value!