Information Security Consultant
Company: Expedite Technology Solutions LLC
Location: Plano
Posted on: March 16, 2023
Job Description:
Summary:
This 100% remote position seeks a seasoned information security
technical subject matter expert who can provide guidance on
information security policies, procedures, technologies and
compliance-related activities as a technical advisor and partner
across the company.
Primary Areas of Responsibility
1. Perform and lead Vendor 3rd party assessment. Security and
technology controls in place to protect data.
a. Understand security and how to protect data
b. Review legal contracts on occasion.
c. Participate in quarterly business reviews.
d. Manage the relationship with the vendors
e. Hold quarterly reviews of how vendors are doing, meeting SLAs,
etc.
f. Understand vendor risk
2. Perform internal security assessments.
a. Assess particular applications
b. Also infrastructure assessments
c. Understand systems, technical environment/landscape
d. Stay abreast of industry trends, update techniques as new
security risks become known.
3. Drive the integration of Archer GRC System with existing tools
to automate vendor and internal assessment process. (Not a PM
role)
a. Have RSA Archer and Nancy would like to integrate Archer GRC into
it.
b. Archer experience is very important - workflow, integration of
outputs,
c. NIST 800-53, ISO 27001, PCI DSS, FFIEC IT Security Handbook
Qualified candidates should have 10 or more years of IT
experience.
Consulting background could be good. Worked in the banking
industry.
Excellent oral and written communication skills.
Poor grammar or typos will be an automatic rejection.
Think independently and make decisions
This is a leadership role, but no management responsibility.
Person will mentor others
Desired:
Experience with cloud platforms (GCP, Amazon, Azure)
Data Center to Cloud migration experience
Security Best Practices with SaaS platforms (Security as a
Solution)
Compliance assessor is okay
Will interact with a colleague in Europe.
Eastern or Central Time zone only. No farther West than that.
Responsibilities include leading the assessments of Tier 1 and 2
vendor technology and security controls, as well as assessments of
Global Payments' internal technology and security controls, to
determine control effectiveness.
This person will also drive integration of the company's Archer GRC
system with other tools to deliver on the strategy to perform these
assessments.
Identify risks associated with security control effectiveness and
recommend potential solutions to mitigate or resolve, including
defining compensating controls where feasible.
Work with key stakeholders at multiple levels in order to identify
and align business and Information Security objectives, discover
pain points, provide recommendations, and recognize current and
future security needs.
Job Duties: Demonstrate broad knowledge and understanding of
information security and technology across the company which is
migrating to the cloud. Engage appropriate Infosec subject matter
experts to mitigate risk.
Using industry standard requirements (NIST 800-53, PCI-DSS, ISO
2700x, FFIEC) , determine and execute scoping questions to formally
assess and identify risks associated with critical and high risk
level third party vendors as well as company internal controls.
Produce final reports to leadership, identifying risks, rating the
inherent risk level, as well as residual risk rating for all
findings, and making recommendations for disposition.
Support legal contract reviews when needed, ensuring appropriate
infosec clauses are in place, and participate in quarterly business
reviews of vendors as needed.
Provide oversight and report on risk management programs to
leadership for remediation of findings and evaluate and recommend
solutions to reduce residual risk.
Identify internal information security risk trends across the
organization based on the outcome from performance of security
assessments, and provide monthly reporting as required by the team
leader.
Act as the subject matter expert on Information Security matters, and
liaise with other subject matter experts when needed.
Mentor on new and emerging threats that can affect the
organization's information assets.
Collaborate with senior leadership to build mutually beneficial
relationships. Understand business objectives and provide direction
based on best practices, risk, Corporate Policy, and association
and regulatory guidelines.
Research and recommend long term strategies for improving existing
processes and removing inefficiencies.
Provide guidance on internal and industry specific Infosec
policies, procedures, and standards.
Research and stay current on the latest information security and
technology trends, best practices, and technology developments, and
report on new and emerging threats that can affect the
organization's information assets.
Minimum Qualifications:
Bachelor's degree in Computer Science, Info Security, or relevant work
experience.
Minimum 8+ years of relevant experience. Deep knowledge of the following
industry standards: National Institute of Standards and Technology
800-53 Cybersecurity Framework (NIST); Payment Card Industry Data
Security Standard (PCI DSS); Federal Financial Institutions
Examination Council (FFIEC) Information Technology Examination
Handbook - Information Security; and International Organization for
Standardization (ISO) 27001/2.
Desired Skills and Capabilities:
Previous and recent RSA Archer user. Knowledge of cloud platforms
(Google, Amazon, Microsoft) and challenges associated with
migrating from legacy on-prem platforms.
Knowledge of security best practices associated with SaaS and
client relationships. General knowledge of following industry
standards: General Data Protection Regulation (GDPR); Gramm Leach
Bliley Act (GLBA); and Health Insurance Portability and
Accountability Act (HIPAA)
Certification(s) / Licensing: Professional certifications in any of
the information or risk management areas (i.e., CISSP (Certified
Information System Security Professional); CISM (Certified
Information Security Manager); CISA (Certified Information Systems
Auditor); GSEC (GIAC Security Essentials); Network+; Security+; etc.)
Skills / Knowledge - Having broad expertise or unique knowledge, uses skills to
contribute to development of company objectives and principles and
to achieve goals in creative and effective ways. Barriers to entry
such as technical committee review may exist at this level.
Job Complexity - Works on significant and unique issues where
analysis of situations or data requires an evaluation of
intangibles. Exercises independent judgment in methods, techniques
and evaluation criteria for obtaining results. Creates formal
networks involving coordination among groups.
Supervision - Acts independently to determine methods and
procedures on new or special assignments. May supervise the
activities of others.
Risk Assessment - Ability to identify, communicate, and mitigate
risk within technical solution designs
Industry Knowledge - Continued self-education of new and emerging
threats and relevant processes, controls, or technologies to
mitigate them.
Communication Skills - Excellent written and oral skills. Ability
to effectively and concisely communicate thoughts at all levels,
including executive management. Has organized structure to clearly
lay out thoughts