Location: Remote; 75% travel to client sites required.
Client Security Advisory Services is seeking a Governance, Risk and Compliance (GRC) consultant to work on GRC consulting projects for commercial customers.
We are seeking an innovative and motivated consultant who, under general direction and with a high level of autonomy, uses extensive knowledge and skills obtained through education and experience to perform the assessment, analysis and consulting tasks related to specific regulations, industry standards and/or a customer's unique requirements.
Client Security Advisory Services aspires to be a strategic partner in helping our more than 1,000 business and government clients in 90 countries better serve their customers and citizens.
We work to overcome their IT challenges, collaborating to make technology work for them, anytime and anywhere.
To make it matter, so they can achieve more.
With a dedication to quality and innovation, we deliver IT consulting, systems integration, and applications development.
Enterprises can also outsource IT functions and management to us in areas like infrastructure and business processes.
These efforts enable organizations to take the best advantage of cloud computing, information optimization and enhanced security measures to achieve their goals.
Analyze complex, enterprise environments from an information security perspective.
Develop comprehensive information security documentation (policies, standards, guidelines, procedures).
Conduct risk assessments of business processes and their supporting environments, including determining risk, evaluating the existence of controls that help reduce risk, determining residual risk, and defining risk treatment plans.
Evaluate organizations against multiple best-practice control frameworks, vertical-specific requirements, or federal regulations (ISO 27001/2, HIPAA, COBIT, NERC CIP, FISMA/NIST, FFIEC, PCI DSS).
7+ years of experience with Governance, Risk and Compliance within information security.
Bachelor's degree in a related field preferred.
Extensive experience with risk assessment frameworks/methodologies such as OCTAVE, CRAMM, NIST SP 800-37, ISAM, ISRM, ISO 27000, COBIT.
Deep understanding of regulations and/or standards that affect IT security, such as HIPAA/HITECH, PCI, Sarbanes-Oxley, GLBA, etc.
Expert-level experience with GRC platforms such as RSA Archer, Paisley, Lockpath, Modulo.
Expertise in IT governance frameworks such as COBIT, ISO 20000, ITIL.
One or more of the following:
Key industry certifications such as CISSP, ISSAP, CISM, CRISC, CISA, SANS, etc.
Experience with GDPR a significant plus.
Demonstrable experience in "soft" consultancy skills (i.e., deliverable generation, communications, executive-level presentation development/delivery).
Good analytical skills.
Understanding of basic financial analysis in support of providing cost estimations in delivery of large-scale security programs and associated activities.
Ability to develop new portfolio solutions from concept to market (methodology development, marketing, sales/internal training, etc.).
Self-motivated individual who is keen to take ownership of allocated tasks and drive them to completion.
Appreciation of trends in IT security and IT risk management.
Experience with and knowledge of security management frameworks in multiple industries, such as finance, pharma, manufacturing, travel/transportation, retail or insurance.
Information Security and regulatory compliance consultancy experience.
Ability to interact with customer risk and security stakeholders at all levels.