InfoSec Advisors is seeking an Information Security Risk and Compliance Consultant to help advance the information security risk management team. We are seeking a self-motivated individual versed in information assurance and risk management. The candidate will have a broad understanding of security controls and be able to collaborate across organizations to achieve mutual goals.
Responsibilities may include but are not limited to:
- Conduct in-depth security assessments with business and technology partners
- Research and understand emerging IT risk factors and their impact on the business environment
- Report and escalate issues appropriately and in a timely manner
- Provide recommendations to leadership on program effectiveness and enhancements
The ideal candidate will have a well-rounded information security background including a strong understanding of IT risk management, information security controls, industry standards, and best practices such as the NIST 800 series, NIST CSF, SSAE-16 and ISO 27000 series or equivalent.
The candidate should understand and have experience with security configuration, as well as the various design controls and the regulatory, legal, and contractual requirements impacting financial institutions (e.g., GLBA, SOX, FFIEC, and PCI).
The candidate additionally will have or exhibit the following:
- Strong writing skills with experience in documenting assessment procedures and results
- Diverse technical background including experience with multiple security technologies
- Ability to analyze and articulate implications of compliance requirements
- Skilled at communicating technical information to non-technical audiences and stakeholders at every level of the organization
- Ability to build and maintain relationships across diverse technical and non-technical teams
- Effective in communication with management and senior leadership, as well as technology SMEs
Qualifications/Minimum Requirements:
- Bachelor’s degree or equivalent work experience
- Minimum of 6 years of experience in information security and compliance
- One or more of the following certifications: CISSP, CISA, CISM, CEH, OSCP
- Understanding of financial industry legal, regulatory, and compliance requirements for information security
Preferred Skills:
- Graduate/Master’s level degree in the areas of information security, computer science, information technology management, technology auditing
- Experience in risk and compliance management and process development in the areas of information technology and security
- Working knowledge of industry leading security tools
- Experience in Network and Systems Administration
- Industry certifications in the area of information security, project management and technology auditing including: OSCP, CRISC, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or comparable qualifications
Primary Location: SE or Mid-Atlantic Region of United States
Job Type: Full Time
Required Language: English