Information Security Consultant
Company: Expedite Technology Solutions LLC
Posted on: March 16, 2023
This 100% remote position seeks a seasoned information security technical subject matter expert who can provide guidance on information security policies, procedures, technologies and compliance-related activities as a technical advisor and partner across the company.
Primary Areas of Responsibility
1. Perform and lead vendor third-party assessments of the security and technology controls in place to protect data.
a. Understand security and how to protect data
b. Review legal contracts on occasion.
c. Participate in quarterly business reviews.
d. Manage the relationship with the vendors
e. Hold quarterly reviews of how vendors are doing, meeting SLAs, etc.
f. Understand vendor risk
2. Perform internal security assessments.
a. Assess particular applications
b. Also infrastructure assessments
c. Understand systems, technical environment/landscape
d. Stay abreast of industry trends, update techniques as new security risks become known.
3. Drive the integration of the Archer GRC system with existing tools to automate the vendor and internal assessment process. (Not a PM role)
a. Have RSA Archer and Nancy would like to integrate Archer GRC into it.
b. Archer experience is very important - workflow, integration of outputs
c. NIST 800-53, ISO 27001, PCI DSS, FFIEC IT Security Handbook
Qualified candidates should have 10 or more years of IT experience.
Consulting background could be good. Worked in the banking industry.
Excellent oral and written communication skills.
Poor grammar or typos will be an automatic rejection.
Think independently and make decisions
This is a leadership role, but no management responsibility.
Person will mentor others
Experience with cloud platforms: GCP, Amazon, Azure
Data Center to Cloud migration experience
Security Best Practices with SaaS platforms (Security as a Solution)
Compliance assessor is okay
Will interact with a colleague in Europe.
Eastern or Central Time zone only. No farther West than that.
Responsibilities include leading the assessments of Tier 1 and 2 vendor technology and security controls, as well as assessments of Global Payments' internal technology and security controls, to determine control effectiveness.
This person will also drive integration of the company's Archer GRC system with other tools to deliver on the strategy to perform these assessments.
Identify risks associated with security control effectiveness and recommend potential solutions to mitigate or resolve, including defining compensating controls where feasible.
Work with key stakeholders at multiple levels in order to identify and align business and Information Security objectives, discover pain points, provide recommendations, and recognize current and future security needs.
Job Duties: Demonstrate broad knowledge and understanding of information security and technology across the company which is migrating to the cloud. Engage appropriate Infosec subject matter experts to mitigate risk.
Using industry standard requirements (NIST 800-53, PCI-DSS, ISO 2700x, FFIEC), determine and execute scoping questions to formally assess and identify risks associated with critical and high risk level third party vendors as well as company internal controls. Produce final reports to leadership, identifying risks, rating the inherent risk level as well as the residual risk for all findings, and making recommendations for disposition.
Support legal contract reviews when needed, ensuring appropriate infosec clauses are in place, and participate in quarterly business reviews of vendors as needed.
Provide oversight and report on risk management programs to leadership for remediation of findings and evaluate and recommend solutions to reduce residual risk.
Identify internal information security risk trends across the organization based on the outcome from performance of security assessments, and provide monthly reporting as required by the team leader.
Act as the subject matter expert on Information Security matters, liaising with other subject matter experts when needed.
Mentor on new and emerging threats that can affect the organization's information assets.
Collaborate with senior leadership to build mutually beneficial relationships. Understand business objectives and provide direction based on best practices, risk, Corporate Policy, and association and regulatory guidelines.
Research and recommend long term strategies for improving existing processes and removing inefficiencies.
Provide guidance on internal and industry specific Infosec policies, procedures, and standards.
Research and stay current on the latest information security and technology trends, best practices, and technology developments, and report on new and emerging threats that can affect the organization's information assets.
Relevant Experience or Degree: Bachelor's degree in Computer Science, Info Security, or relevant work experience.
Minimum 8+ years of relevant experience. Deep knowledge of the following industry standards: National Institute of Standards and Technology 800-53 Cybersecurity Framework (NIST); Payment Card Industry Data Security Standard (PCI DSS); Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook - Information Security; and International Organization for Standardization (ISO) 27001/2.
Desired Skills and Capabilities:
Previous and recent RSA Archer user. Knowledge of cloud platforms (Google, Amazon, Microsoft) and challenges associated with migrating from legacy on-prem platforms.
Knowledge of security best practices associated with SaaS and client relationships. General knowledge of the following industry standards: General Data Protection Regulation (GDPR); Gramm Leach Bliley Act (GLBA); and Health Insurance Portability and Accountability Act (HIPAA).
Certification(s) / Licensing: Professional certifications in any of the information or risk management areas, e.g., CISSP (Certified Information Systems Security Professional); CISM (Certified Information Security Manager); CISA (Certified Information Systems Auditor); GSEC (GIAC Security Essentials); Network+; Security+; etc.
Skills / Knowledge - Having broad expertise or unique knowledge, uses skills to contribute to development of company objectives and principles and to achieve goals in creative and effective ways. Barriers to entry such as technical committee review may exist at this level.
Job Complexity - Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. Creates formal networks involving coordination among groups.
Supervision - Acts independently to determine methods and procedures on new or special assignments. May supervise the activities of others.
Risk Assessment - Ability to identify, communicate, and mitigate risk within technical solution designs.
Industry Knowledge - Continued self-education of new and emerging threats and relevant processes, controls, or technologies to mitigate them.
Communication Skills - Excellent written and oral skills. Ability to effectively and concisely communicate thoughts at all levels, including executive management. Has an organized structure to clearly lay out thoughts.