Title: IT Security Analyst – Pen Testing/GRC
Type: 3-6 months contract to hire (full time)
Location: fully remote, need to work East Coast hours (preferably someone on East Coast)
Must Have: 5 years of background in consulting services (helping enterprise clients figure out their cyber security needs); certifications, at minimum the CISSP; pen testing experience and knowledge of GRC; an understanding of IT, how it works and how it interacts with security; very good Word and Excel skills; excellent communication skills, since the analyst must work with clients to identify needs specific to their industry and then architect a solution for the client.
US citizens, Green Card holders, and others authorized to work in the US are encouraged to apply. We are unable to sponsor H1B candidates at this time.
A security consultant is responsible for having general expertise in privacy, compliance, governance, and risk management. This includes an understanding of process risks, security program architecture, risk assessment methodology, standards, and expertise in various privacy and compliance frameworks. This individual must have a professional understanding of information technology, including how security is implemented, how security is assessed, and how technical controls translate into security governance.
The consultant should be able to explain complex ideas in a concise manner. He or she should have good judgment and decision-making skills. Excellent analytical and interpretation skills would be of great help. Excellent communication skills and good presentation skills would be beneficial.
He or she will work closely with a customer on assigned engagements, stay current on the information security industry (news, tools, techniques, and trends), obtain and retain industry-recognized information security certifications, and work with other consultants to share knowledge and assist as needed.
- Assist customers with security program development, documentation review, and security consulting.
- Assist customers with cyber security administrative functions such as documentation maintenance, documentation creation, peer review, and other cyber security activities.
- Maintain their certifications and seek opportunities to acquire more training and education to maintain their expertise.
- Take the lead in assessing new projects and existing infrastructures within the customer’s organization.
- Demonstrate ownership of projects and tasks, coupled with a sense of urgency in completing assigned activities.
- Be a strong cross-functional team participant with a collaborative approach to problem solving.
- Ensure that all data pertaining to the company and its clients is safeguarded.
- Conduct information security assessments
- Be able to manage spreadsheets and manage security testing engagements.
- Write reports
- Determine security risks and compliance requirements
- Conduct document reviews and interviews against compliance requirements and best practices.
- Develop recommendations for remediating risks and gaps.
- Assess and remediate compliance with industry statutes and regulations relevant to IT across multiple industries (e.g. PCI, HIPAA, FedRAMP, GLB, NIST 800-171).
- Knowledge of frameworks, including but not limited to: ISO 27001, NIST 800-53, and NIST CSF
- 5 years of experience focused on information security risk assessment, security testing and consulting.
- Bachelor's Degree in Information Security or a related discipline. A degree will be counted as two years of information security experience.
- Competency in the area of IT general computer controls, specifically in information security tools and utilities.
- Knowledge of risk and security operational practices
- Ability to work under pressure and to very short timelines
- Ability to communicate effectively at all levels.
- Ability to work independently as needed while always thinking as part of a team.
- Excellent knowledge of Microsoft Office products, especially Excel and Word
- Ability to travel
- Excellent communication and presentation skills.
- Self-motivated and self-directed.
- Experience in one or more compliance frameworks (PCI, HIPAA, etc.)
- Certified Information Systems Security Professional (CISSP), or equivalent.
- A technical security certification such as GPEN or OSCP.