Salary: USD Market related
Source: Irvine Technology Corporation (ITC)
IT Security Consultant

A well-branded industry leader is seeking a talented Consultant to join its Security Risk and Compliance team! In this position you will be responsible for delivering on various assignments for our Fortune 100 and 1000 clients. This is a critical role within our client’s consulting team and you will be sought out to provide thought leadership to the overall practice through meaningful client work and security involvement!

Data privacy and compliance are the top skill sets needed.

Responsibilities
- Performing mid and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
- Actively lead projects in the areas of PCI-DSS, PA-DSS, HITRUST, and ISO 27001.
- Communicating with project stakeholders to effectively convey requirements of technical and process improvements
- Develop customized policies, procedures and controls, disaster recovery plans and technical documentation for applications, systems and infrastructure.
- Possess an in-depth knowledge of IT security and various frameworks (e.g., COBIT, NIST, ISO, etc.)
- Experience in managing Policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
- 5+ years of experience in the information security, enterprise risk or compliance field.
- At least one other Security, Risk or IT certification (i.e. CRISC, CISA, CISSP, or ISO 27001) achieved or in process.
- Bachelor's Degree from an accredited 4-year university.
- Strong background within these disciplines:
- Compliance: regulatory, privacy, international laws and statutory requirements.
- Risk: risk frameworks, enterprise risk methodologies, and IT Security risk methodologies.
- Governance: maturity models, vendor management, policy frameworks, control design and security design/architecture.
- Security architecture: infrastructure, network and systems design.
- Knowledge of and hands-on experience with PCI, FedRAMP, SOC2, and ISO 27001.
- Communicate effectively across business and technical boundaries.
- Work independently without detailed guidance.
- Be proficient in writing executive level reports and technical documentation.
- Client facing
- Risk assessments
- Compliance assessments
- GRC Consulting
- Policy and controls planning/strategy
- Data privacy and security consulting
- Internal/external network vulnerability assessments
- Penetration testing