Senior Security Consultant, Cyber Risk & Compliance

Responsibilities:

• Lead customer engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards.
• Provide clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
• Develop strategic, operational, and tactical recommendations tailored to each customer with the intent to improve a customer's security posture and compliance position.
• Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations.
• Lead large security engagements in concert with other cybersecurity practices.
• Assess cloud security architecture, including IAM, encryption, logging, data residency, and workload security.
• Develop security policies, standards, and procedures that are custom-tailored to each customer's unique culture, security goals, and organizational objectives using industry best practices and compliance requirements.
• Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine organizational security risk.
• Work with other Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as vCISO Services, security program development, documentation review, and security consulting services.
• Assist the CRC-Advisory practice lead in pre-sales activities, leading scoping discussions for PCI proposals, along with other frameworks and services.
• Delivery of client engagements to a high-quality, work would cover ISMS development, assisting companies gain ISO27001 certification, PCI-DSS compliance, NIST CSF, other areas of Governance, Risk and Compliance as required

Requirements:

• PCI QSA Certification is a must.
• Previous professional experience providing consultative services with industry standards such as NIST CSF, NIST 800-53, NIST 800-171, NIST RMF, CMMC, ISO 27001,HIPAA, HITRUST, SOC 2 Type 2, CIS, CCPA, GDPR
• Familiarity with cloud security frameworks and cloud-native security services in AWS, Azure, or GCP.
• Strong understanding of data protection principles, including data classification, retention, and secure disposal.
• Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically.
• Comfortably present security concepts and/or findings to both highly technical and entirely non-technical audiences.
• Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely manner.
• Must be analytical, innovative, possess a strong sense of attention to detail.
• Strong cross-functional team participant and collaborative approach to problem-solving.
• Strong verbal and written communication skills, organizational skills, and attention to detail.
• Desire to grow the business by identifying up-sell opportunities with existing and potential clients.
• Ability to be flexible and embrace change.
• Self-motivated and self-directed.
• Self-starter with the ability to manage their own tasks into a larger project or program effort.